[ubuntu/noble-security] golang-1.22 1.22.2-2ubuntu0.3 (Accepted)

Evan Caville evan.caville at canonical.com
Wed Oct 23 05:20:08 UTC 2024


golang-1.22 (1.22.2-2ubuntu0.3) noble-security; urgency=medium

  * SECURITY UPDATE: denial of service issue when handling 
    “Expect: 100-continue” headers
    - debian/patches/CVE-2024-24791.patch: net/http: send body or close 
      connection on expect-100-continue requests.
    - CVE-2024-24791
  * SECURITY UPDATE: denial of service issue when calling any Parse functions 
    from stack exhaustion
    - debian/patches/CVE-2024-34155.patch: go/parser: track depth in nested
      element lists.
    - CVE-2024-34155
  * SECURITY UPDATE: denial of service issue when decoding a message from
    stack exhaustion
    - debian/patches/CVE-2024-34156.patch: encoding/gob: cover missed cases
      when checking ignore depth.
    - CVE-2024-34156
  * SECURITY UPDATE: denial of service issue when calling Parse on certain
    build tags from stack exhaustion
    - debian/patches/CVE-2024-34158.patch: go/build/constraint: add parsing
      limits.
    - CVE-2024-34158

golang-1.22 (1.22.2-2ubuntu0.2) noble-proposed; urgency=medium

  * SRU: LP: #2076340: No-change rebuild to pick up changed build flags
    on ppc64 and s390x.

Date: 2024-10-22 07:13:12.321057+00:00
Changed-By: Evan Caville <evan.caville at canonical.com>
https://launchpad.net/ubuntu/+source/golang-1.22/1.22.2-2ubuntu0.3
-------------- next part --------------
Sorry, changesfile not available.


More information about the noble-changes mailing list