Package "golang-1.22-doc"
Name: |
golang-1.22-doc
|
Description: |
Go programming language - documentation
|
Latest version: |
1.22.2-2~22.04.2 |
Release: |
jammy (22.04) |
Level: |
security |
Repository: |
universe |
Head package: |
golang-1.22 |
Homepage: |
https://go.dev/ |
Links
Download "golang-1.22-doc"
Other versions of "golang-1.22-doc" in Jammy
Changelog
golang-1.22 (1.22.2-2~22.04.2) jammy-security; urgency=medium
* SECURITY UPDATE: denial of service issue when handling
âExpect: 100-continueâ headers
- debian/patches/CVE-2024-24791.patch: net/http: send body or close
connection on expect-100-continue requests.
- CVE-2024-24791
* SECURITY UPDATE: denial of service issue when calling any Parse functions
from stack exhaustion
- debian/patches/CVE-2024-34155.patch: go/parser: track depth in nested
element lists.
- CVE-2024-34155
* SECURITY UPDATE: denial of service issue when decoding a message from
stack exhaustion
- debian/patches/CVE-2024-34156.patch: encoding/gob: cover missed cases
when checking ignore depth.
- CVE-2024-34156
* SECURITY UPDATE: denial of service issue when calling Parse on certain
build tags from stack exhaustion
- debian/patches/CVE-2024-34158.patch: go/build/constraint: add parsing
limits.
- CVE-2024-34158
-- Evan Caville <email address hidden> Fri, 18 Oct 2024 13:43:09 +1100
|
Source diff to previous version |
CVE-2024-24791 |
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational |
CVE-2024-34155 |
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. |
CVE-2024-34156 |
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-202 |
CVE-2024-34158 |
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. |
|
golang-1.22 (1.22.2-2~22.04.1) jammy-security; urgency=medium
* SECURITY UPDATE: denial of service issue
- debian/patches/CVE-2024-24788.patch: net: check SkipAdditional error
result
- CVE-2024-24788
* SECURITY UPDATE: denial of service issue
- debian/patches/CVE-2024-24789.patch: archive/zip: treat truncated
EOCDR comment as an error
- debian/source/include-binaries: Add zip testdata file
- CVE-2024-24789
* SECURITY UPDATE: incorrect IPv4-mapped IPv6 addresses issue
- debian/patches/CVE-2024-24790.patch: net/netip: check if address is
v6 mapped in Is methods
- CVE-2024-24790
-- Nishit Majithia <email address hidden> Mon, 08 Jul 2024 17:45:50 +0530
|
CVE-2024-24788 |
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. |
CVE-2024-24789 |
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment cou |
CVE-2024-24790 |
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which woul |
|
About
-
Send Feedback to @ubuntu_updates