UbuntuUpdates.org

Package "golang-1.22-src"

Name: golang-1.22-src

Description:

Go programming language - source files

Latest version: 1.22.2-2~20.04.2
Release: focal (20.04)
Level: security
Repository: universe
Head package: golang-1.22
Homepage: https://go.dev/


Other versions of "golang-1.22-src" in Focal

Repository Area Version
updates universe 1.22.2-2~20.04.2

Changelog

Version: 1.22.2-2~20.04.2 2024-10-23 13:06:46 UTC

  golang-1.22 (1.22.2-2~20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: denial of service issue when handling
    “Expect: 100-continue” headers
    - debian/patches/CVE-2024-24791.patch: net/http: send body or close
      connection on expect-100-continue requests.
    - CVE-2024-24791
  * SECURITY UPDATE: denial of service issue when calling any Parse functions
    from stack exhaustion
    - debian/patches/CVE-2024-34155.patch: go/parser: track depth in nested
      element lists.
    - CVE-2024-34155
  * SECURITY UPDATE: denial of service issue when decoding a message from
    stack exhaustion
    - debian/patches/CVE-2024-34156.patch: encoding/gob: cover missed cases
      when checking ignore depth.
    - CVE-2024-34156
  * SECURITY UPDATE: denial of service issue when calling Parse on certain
    build tags from stack exhaustion
    - debian/patches/CVE-2024-34158.patch: go/build/constraint: add parsing
      limits.
    - CVE-2024-34158

 -- Evan Caville <email address hidden> Fri, 18 Oct 2024 16:30:36 +1100

CVE-2024-24791 The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational
CVE-2024-34155 Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
CVE-2024-34156 Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-202
CVE-2024-34158 Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
