[ubuntu/jammy-security] golang-1.22 1.22.2-2~22.04.2 (Accepted)
Evan Caville
evan.caville at canonical.com
Wed Oct 23 05:20:09 UTC 2024
golang-1.22 (1.22.2-2~22.04.2) jammy-security; urgency=medium
* SECURITY UPDATE: denial of service issue when handling
“Expect: 100-continue” headers
- debian/patches/CVE-2024-24791.patch: net/http: send body or close
connection on expect-100-continue requests.
- CVE-2024-24791
* SECURITY UPDATE: denial of service issue when calling any Parse functions
from stack exhaustion
- debian/patches/CVE-2024-34155.patch: go/parser: track depth in nested
element lists.
- CVE-2024-34155
* SECURITY UPDATE: denial of service issue when decoding a message from
stack exhaustion
- debian/patches/CVE-2024-34156.patch: encoding/gob: cover missed cases
when checking ignore depth.
- CVE-2024-34156
* SECURITY UPDATE: denial of service issue when calling Parse on certain
build tags from stack exhaustion
- debian/patches/CVE-2024-34158.patch: go/build/constraint: add parsing
limits.
- CVE-2024-34158
Date: 2024-10-22 07:20:14.070085+00:00
Changed-By: Evan Caville <evan.caville at canonical.com>
https://launchpad.net/ubuntu/+source/golang-1.22/1.22.2-2~22.04.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list