* [Buildroot] [PATCH v1 1/1] package/go: security bump to go1.21.8
@ 2024-03-06 0:34 Christian Stewart via buildroot
2024-03-06 7:24 ` Peter Korsgaard
2024-03-20 20:18 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Christian Stewart via buildroot @ 2024-03-06 0:34 UTC (permalink / raw
To: buildroot
Cc: Christian Stewart, Anisse Astier, Thomas Petazzoni,
Yann E . MORIN
Fixes the following CVEs:
CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm
CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm
CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping
CVE-2024-24784: net/mail: comments in display names are incorrectly handled
https://go.dev/doc/devel/release#go1.21.8
Signed-off-by: Christian Stewart <christian@aperture.us>
---
package/go/go.hash | 2 +-
package/go/go.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/go/go.hash b/package/go/go.hash
index d008019e94..b1aed10c7c 100644
--- a/package/go/go.hash
+++ b/package/go/go.hash
@@ -1,3 +1,3 @@
# From https://go.dev/dl
-sha256 00197ab20f33813832bff62fd93cca1c42a08cc689a32a6672ca49591959bff6 go1.21.7.src.tar.gz
+sha256 dc806cf75a87e1414b5b4c3dcb9dd3e9cc98f4cfccec42b7af617d5a658a3c43 go1.21.8.src.tar.gz
sha256 2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067 LICENSE
diff --git a/package/go/go.mk b/package/go/go.mk
index 9efd4a3123..3ca055b25d 100644
--- a/package/go/go.mk
+++ b/package/go/go.mk
@@ -4,7 +4,7 @@
#
################################################################################
-GO_VERSION = 1.21.7
+GO_VERSION = 1.21.8
GO_SITE = https://storage.googleapis.com/golang
GO_SOURCE = go$(GO_VERSION).src.tar.gz
--
2.44.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH v1 1/1] package/go: security bump to go1.21.8
2024-03-06 0:34 [Buildroot] [PATCH v1 1/1] package/go: security bump to go1.21.8 Christian Stewart via buildroot
@ 2024-03-06 7:24 ` Peter Korsgaard
2024-03-20 20:18 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2024-03-06 7:24 UTC (permalink / raw
To: Christian Stewart
Cc: Thomas Petazzoni, Anisse Astier, Yann E . MORIN, buildroot
>>>>> "Christian" == Christian Stewart <christian@aperture.us> writes:
> Fixes the following CVEs:
> CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm
> CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm
> CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
> CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping
> CVE-2024-24784: net/mail: comments in display names are incorrectly handled
> https://go.dev/doc/devel/release#go1.21.8
> Signed-off-by: Christian Stewart <christian@aperture.us>
Committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH v1 1/1] package/go: security bump to go1.21.8
2024-03-06 0:34 [Buildroot] [PATCH v1 1/1] package/go: security bump to go1.21.8 Christian Stewart via buildroot
2024-03-06 7:24 ` Peter Korsgaard
@ 2024-03-20 20:18 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2024-03-20 20:18 UTC (permalink / raw
To: Christian Stewart
Cc: Thomas Petazzoni, Anisse Astier, Yann E . MORIN, buildroot
>>>>> "Christian" == Christian Stewart <christian@aperture.us> writes:
> Fixes the following CVEs:
> CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm
> CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm
> CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
> CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping
> CVE-2024-24784: net/mail: comments in display names are incorrectly handled
> https://go.dev/doc/devel/release#go1.21.8
> Signed-off-by: Christian Stewart <christian@aperture.us>
Committed to 2024.02.x and 2023.11.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-03-20 20:18 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-03-06 0:34 [Buildroot] [PATCH v1 1/1] package/go: security bump to go1.21.8 Christian Stewart via buildroot
2024-03-06 7:24 ` Peter Korsgaard
2024-03-20 20:18 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.