[ubuntu/kinetic-security] golang-1.19 1.19.2-1ubuntu1.1 (Accepted)
Nishit Majithia
nishit.majithia at canonical.com
Tue Jun 6 06:13:11 UTC 2023
golang-1.19 (1.19.2-1ubuntu1.1) kinetic-security; urgency=medium
* SECURITY UPDATE: html injection vulnerability
- debian/patches/CVE-2023-24539.patch: disallow angle brackets in CSS
values
- debian/patches/CVE-2023-29400.patch: emit filterFailsafe for empty
unquoted attr value
- CVE-2023-24539
- CVE-2023-29400
* SECURITY UPDATE: javascript injection vulnerability
- debian/patches/CVE-2023-24540.patch: handle all JS whitespace
characters
- CVE-2023-24540
* SECURITY UPDATE: large handshake records cause panic
- debian/patches/CVE-2022-41724.patch: replace all usages of
BytesOrPanic
- CVE-2022-41724
* SECURITY UPDATE: denial of service from excessive resource consumption
- debian/patches/CVE-2022-41725.patch: imit memory/inode consumption of
ReadForm
- CVE-2022-41725
* SECURITY UPDATE: DoS issue due to panic
- debian/patches/CVE-2023-24534.patch: avoid overpredicting the number
of MIME header keys
- CVE-2023-24534
* SECURITY UPDATE: integer overflow issue
- debian/patches/CVE-2023-24537.patch: reject large line and column
number in //line directives
- CVE-2023-24537
* SECURITY UPDATE: code injection vulnerability
- debian/patches/CVE-2023-24538.patch: disallow actions in JS template
literals
- CVE-2023-24538
Date: 2023-06-05 05:56:07.386966+00:00
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
https://launchpad.net/ubuntu/+source/golang-1.19/1.19.2-1ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the kinetic-changes
mailing list