[ubuntu/lunar-security] golang-1.20 1.20.3-1ubuntu0.1 (Accepted)
Nishit Majithia
nishit.majithia at canonical.com
Tue Jun 6 06:13:13 UTC 2023
golang-1.20 (1.20.3-1ubuntu0.1) lunar-security; urgency=medium
* SECURITY UPDATE: html injection vulnerability
- debian/patches/CVE-2023-24539.patch: disallow angle brackets in CSS
values
- debian/patches/CVE-2023-29400.patch: emit filterFailsafe for empty
unquoted attr value
- CVE-2023-24539
- CVE-2023-29400
* SECURITY UPDATE: javascript injection vulnerability
- debian/patches/CVE-2023-24540.patch: handle all JS whitespace
characters
- CVE-2023-24540
Date: 2023-05-31 12:24:09.197331+00:00
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
https://launchpad.net/ubuntu/+source/golang-1.20/1.20.3-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the lunar-changes
mailing list