Go is three point versions behind
Bug #2039848 reported by
Edu Gómez Escandell
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| golang-1.21 (Ubuntu) |
New
|
High
|
Unassigned | ||
Bug Description
The packaged go executable is currently at version 1.21.1
There have been two new releases since, both related to security issues.
- go1.21.2 (released 2023-10-05) includes one security fixes to the cmd/go package, as well as bug fixes to the compiler, the go command, the linker, the runtime, and the runtime/metrics package.
- go1.21.3 (released 2023-10-10) includes a security fix to the net/http package.
- go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and runtime/cgo packages.
As such, all packages that depend on golang-1.21 are now exposed to these vulnerabilities.
CVE References
| description: | updated |
| description: | updated |
| summary: |
- Go is two point versions behind + Go is three point versions behind |
To post a comment you must log in.
