[ubuntu/noble-security] golang-1.22 1.22.2-2ubuntu0.3 (Accepted)
Evan Caville
evan.caville at canonical.com
Wed Oct 23 05:20:08 UTC 2024
golang-1.22 (1.22.2-2ubuntu0.3) noble-security; urgency=medium
* SECURITY UPDATE: denial of service issue when handling
“Expect: 100-continue” headers
- debian/patches/CVE-2024-24791.patch: net/http: send body or close
connection on expect-100-continue requests.
- CVE-2024-24791
* SECURITY UPDATE: denial of service issue when calling any Parse functions
from stack exhaustion
- debian/patches/CVE-2024-34155.patch: go/parser: track depth in nested
element lists.
- CVE-2024-34155
* SECURITY UPDATE: denial of service issue when decoding a message from
stack exhaustion
- debian/patches/CVE-2024-34156.patch: encoding/gob: cover missed cases
when checking ignore depth.
- CVE-2024-34156
* SECURITY UPDATE: denial of service issue when calling Parse on certain
build tags from stack exhaustion
- debian/patches/CVE-2024-34158.patch: go/build/constraint: add parsing
limits.
- CVE-2024-34158
golang-1.22 (1.22.2-2ubuntu0.2) noble-proposed; urgency=medium
* SRU: LP: #2076340: No-change rebuild to pick up changed build flags
on ppc64 and s390x.
Date: 2024-10-22 07:13:12.321057+00:00
Changed-By: Evan Caville <evan.caville at canonical.com>
https://launchpad.net/ubuntu/+source/golang-1.22/1.22.2-2ubuntu0.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list