package/go: security bump to 1.18.5
go1.18.4 includes security fixes to the compress/gzip, encoding/gob,
encoding/xml, go/parser, io/fs, net/http, and path/filepath packages, as well as
bug fixes to the compiler, the go command, the linker, the runtime, and the
runtime/metrics package.
go1.18.5 includes security fixes to the encoding/gob and math/big packages, as
well as bug fixes to the compiler, the go command, the runtime, and the testing
package.
https://go.dev/doc/devel/release#go1.18.minor
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-08-02 03:33:59 +02:00
|
|
|
# From https://go.dev/dl
|
package/go: security bump to version 1.19.8
go1.19.8 (released 2023-04-04) includes security fixes to the go/parser,
html/template, mime/multipart, net/http, and net/textproto packages, as well as
bug fixes to the compiler, the linker, the runtime, and the time package.
Fixes security vulnerabilities:
go/parser: infinite loop in parsing (CVE-2023-24537)
html/template: backticks not treated as string delimiters (CVE-2023-24538)
net/http, net/textproto: denial of service from excessive memory
allocation (CVE-2023-24534)
net/http, net/textproto, mime/multipart: denial of service from excessive
resource consumption (CVE-2023-24536)
https://go.dev/doc/devel/release#go1.19.8
https://github.com/golang/go/issues?q=milestone%3AGo1.19.8+label%3ACherryPickApproved
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-04-04 21:08:07 +02:00
|
|
|
sha256 1d7a67929dccafeaf8a29e55985bc2b789e0499cb1a17100039f084e3238da2f go1.19.8.src.tar.gz
|
2021-04-03 08:45:38 +02:00
|
|
|
sha256 2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067 LICENSE
|
