[ubuntu/kinetic-updates] golang-1.19 1.19.2-1ubuntu1.1 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Tue Jun 6 07:28:20 UTC 2023

golang-1.19 (1.19.2-1ubuntu1.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: html injection vulnerability
    - debian/patches/CVE-2023-24539.patch: disallow angle brackets in CSS
    - debian/patches/CVE-2023-29400.patch: emit filterFailsafe for empty
      unquoted attr value
    - CVE-2023-24539
    - CVE-2023-29400
  * SECURITY UPDATE: javascript injection vulnerability
    - debian/patches/CVE-2023-24540.patch: handle all JS whitespace
    - CVE-2023-24540
  * SECURITY UPDATE: large handshake records cause panic
    - debian/patches/CVE-2022-41724.patch: replace all usages of
    - CVE-2022-41724
  * SECURITY UPDATE: denial of service from excessive resource consumption
    - debian/patches/CVE-2022-41725.patch: imit memory/inode consumption of
    - CVE-2022-41725
  * SECURITY UPDATE: DoS issue due to panic
    - debian/patches/CVE-2023-24534.patch: avoid overpredicting the number
      of MIME header keys
    - CVE-2023-24534
  * SECURITY UPDATE: integer overflow issue
    - debian/patches/CVE-2023-24537.patch: reject large line and column
      number in //line directives
    - CVE-2023-24537
  * SECURITY UPDATE: code injection vulnerability
    - debian/patches/CVE-2023-24538.patch: disallow actions in JS template
    - CVE-2023-24538

Date: 2023-06-05 05:56:07.386966+00:00
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the kinetic-changes mailing list