Sync golang-1.20 1.20.3-1 (main) from Debian unstable (main)
Bug #2015339 reported by
Shengjing Zhu
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
golang-1.20 (Ubuntu) |
Fix Released
|
Undecided
|
Graham Inggs |
Bug Description
Please sync golang-1.20 1.20.3-1 (main) from Debian unstable (main)
Changelog entries since current lunar version 1.20.2-1:
golang-1.20 (1.20.3-1) unstable; urgency=medium
* Team upload
* New upstream version 1.20.3
+ CVE-2023-24537: go/parser: infinite loop in parsing
+ CVE-2023-24538: html/template: backticks not treated as string delimiters
+ CVE-2023-24534: net/http, net/textproto: denial of service from excessive
memory allocation
+ CVE-2023-24536: net/http, net/textproto, mime/multipart: denial of
service from excessive resource consumption
-- Shengjing Zhu <email address hidden> Wed, 05 Apr 2023 02:04:08 +0800
CVE References
Changed in golang-1.20 (Ubuntu): | |
assignee: | nobody → Graham Inggs (ginggs) |
status: | New → In Progress |
To post a comment you must log in.
This bug was fixed in the package golang-1.20 - 1.20.3-1
Sponsored for Shengjing Zhu (zhsj)
---------------
golang-1.20 (1.20.3-1) unstable; urgency=medium
* Team upload
* New upstream version 1.20.3
+ CVE-2023-24537: go/parser: infinite loop in parsing
+ CVE-2023-24538: html/template: backticks not treated as string delimiters
+ CVE-2023-24534: net/http, net/textproto: denial of service from excessive
memory allocation
+ CVE-2023-24536: net/http, net/textproto, mime/multipart: denial of
service from excessive resource consumption
-- Shengjing Zhu <email address hidden> Wed, 05 Apr 2023 02:04:08 +0800