UbuntuUpdates.org

Package "golang-golang-x-text-dev"

Name: golang-golang-x-text-dev

Description: Supplementary Go text-related libraries

Latest version: 0.3.2-4ubuntu0.1
Release: focal (20.04)
Level: updates
Repository: universe
Head package: golang-golang-x-text
Homepage: https://godoc.org/golang.org/x/text

Other versions of "golang-golang-x-text-dev" in Focal

Repository   Area       Version
base         universe   0.3.2-4
security     universe   0.3.2-4ubuntu0.1

Changelog

Version: 0.3.2-4ubuntu0.1 2023-02-16 12:07:05 UTC

  golang-golang-x-text (0.3.2-4ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of Service (crash)
    - debian/patches/CVE-2020-14040.patch: encoding/unicode: correctly
    handle single-byte UTF-16 inputs (and harden transform.String)
    - debian/patches/CVE-2020-28852.patch: internal/language: fix
    resizeRange index wrong way
    - debian/patches/CVE-2020-28851.patch: language: allow variable
    number of types per key in -u- extension
    - debian/patches/CVE-2021-38561.patch: language: turn parsing panics
    into ErrSyntax
    - debian/patches/CVE-2022-32149.patch: language: reject excessively
    large Accept-Language strings
    - CVE-2020-14040
    - CVE-2020-28852
    - CVE-2020-28851
    - CVE-2021-38561
    - CVE-2022-32149

 -- Eduardo Barretto <email address hidden> Wed, 11 Jan 2023 20:11:03 +0100

CVE-2020-14040 The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causi
CVE-2020-28852 In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/lang
CVE-2020-28851 In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is sup
CVE-2021-38561 golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculati
CVE-2022-32149 An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.


