[ubuntu/lunar-security] golang-1.20 1.20.3-1ubuntu0.2 (Accepted)

Nishit Majithia nishit.majithia at canonical.com
Thu Jan 11 04:09:50 UTC 2024


golang-1.20 (1.20.3-1ubuntu0.2) lunar-security; urgency=medium

  * SECURITY UPDATE: XSS issue
    - debian/patches/CVE-2023-39318.patch: support HTML-like comments in
      script contexts
    - debian/patches/CVE-2023-39319.patch: properly handle special tags
      within the script context
    - CVE-2023-39318
    - CVE-2023-39319
  * SECURITY UPDATE: bypass directives restrictions
    - debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute file
      name in isCgo check
    - CVE-2023-39323
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2023-39325_44487.patch: http2: limit maximum
      handler goroutines to MaxConcurrentStreams
    - CVE-2023-39325
    - CVE-2023-44487
  * SECURITY UPDATE: out-of-bound read
    - debian/patches/CVE-2023-39326.patch: net/http: limit chunked data
      overhead
    - CVE-2023-39326
  * SECURITY UPDATE: bypass secure protocol
    - debian/patches/CVE-2023-45285.patch: error out if the requested repo
      does not support a secure protocol
    - CVE-2023-45285

Date: 2024-01-10 07:00:26.980017+00:00
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
https://launchpad.net/ubuntu/+source/golang-1.20/1.20.3-1ubuntu0.2