UbuntuUpdates.org

Package "golang-golang-x-text"

Name: golang-golang-x-text

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Supplementary Go text-related libraries
Latest version: 0.3.2-4ubuntu0.1
Release: focal (20.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "golang-golang-x-text" in Focal

Repository Area Version
base universe 0.3.2-4
updates universe 0.3.2-4ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.3.2-4ubuntu0.1 2023-02-16 11:07:04 UTC

  golang-golang-x-text (0.3.2-4ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of Service (crash)
    - debian/patches/CVE-2020-14040.patch: encoding/unicode: correctly
    handle single-byte UTF-16 inputs (and harden transform.String)
    - debian/patches/CVE-2020-28852.patch: internal/language: fix
    resizeRange index wrong way
    - debian/patches/CVE-2020-28851.patch: language: allow variable
    number of types per key in -u- extension
    - debian/patches/CVE-2021-38561.patch: language: turn parsing panics
    into ErrSyntax
    - debian/patches/CVE-2022-32149.patch: language: reject excessively
    large Accept-Language strings
    - CVE-2020-14040
    - CVE-2020-28852
    - CVE-2020-28851
    - CVE-2021-38561
    - CVE-2022-32149

 -- Eduardo Barretto <email address hidden> Wed, 11 Jan 2023 20:11:03 +0100
CVE-2020-14040 The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causi
CVE-2020-28852 In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/lang
CVE-2020-28851 In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is sup
CVE-2021-38561 golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculati
CVE-2022-32149 An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.


About   -   Send Feedback to @ubuntu_updates