UbuntuUpdates.org

Package "golang-golang-x-text-dev"

Name: golang-golang-x-text-dev

Description:

Supplementary Go text-related libraries
Latest version: 0.0~git20170627.0.6353ef0-1ubuntu2.1
Release: bionic (18.04)
Level: security
Repository: universe
Head package: golang-x-text
Homepage: https://godoc.org/golang.org/x/text

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "golang-golang-x-text-dev"

All arch deb package
APT INSTALL

Other versions of "golang-golang-x-text-dev" in Bionic

Repository Area Version
base universe 0.0~git20170627.0.6353ef0-1ubuntu2
updates universe 0.0~git20170627.0.6353ef0-1ubuntu2.1

Changelog

Version: 0.0~git20170627.0.6353ef0-1ubuntu2.1 2023-02-16 11:07:02 UTC

  golang-x-text (0.0~git20170627.0.6353ef0-1ubuntu2.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of Service (crash)
    - debian/patches/CVE-2020-14040.patch: encoding/unicode: correctly
    handle single-byte UTF-16 inputs (and harden transform.String)
    - debian/patches/CVE-2020-28852.patch: internal/language: fix
    resizeRange index wrong way
    - debian/patches/CVE-2020-28851.patch: language: allow variable
    number of types per key in -u- extension
    - debian/patches/CVE-2021-38561.patch: language: turn parsing panics
    into ErrSyntax
    - debian/patches/CVE-2022-32149.patch: language: reject excessively
    large Accept-Language strings
    - CVE-2020-14040
    - CVE-2020-28852
    - CVE-2020-28851
    - CVE-2021-38561
    - CVE-2022-32149

 -- Eduardo Barretto <email address hidden> Wed, 11 Jan 2023 19:49:49 +0100
CVE-2020-14040 The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causi
CVE-2020-28852 In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/lang
CVE-2020-28851 In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is sup
CVE-2021-38561 golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculati
CVE-2022-32149 An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.


About   -   Send Feedback to @ubuntu_updates