package/go: security bump to go1.21.8

Fixes the following CVEs: CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping CVE-2024-24784: net/mail: comments in display names are incorrectly handled https://go.dev/doc/devel/release#go1.21.8 Signed-off-by: Christian Stewart <christian@aperture.us> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit a94f816e45) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-03-05 16:34:54 -08:00 · 2024-03-05 16:34:54 -08:00 · 3cfd81f39d
commit 3cfd81f39d
parent 87e979e457
2 changed files with 2 additions and 2 deletions
--- a/package/go/go.hash
+++ b/package/go/go.hash
@ -1,3 +1,3 @@
 # From https://go.dev/dl
-sha256  00197ab20f33813832bff62fd93cca1c42a08cc689a32a6672ca49591959bff6  go1.21.7.src.tar.gz
+sha256  dc806cf75a87e1414b5b4c3dcb9dd3e9cc98f4cfccec42b7af617d5a658a3c43  go1.21.8.src.tar.gz
 sha256  2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067  LICENSE
--- a/package/go/go.mk
+++ b/package/go/go.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-GO_VERSION = 1.21.7
+GO_VERSION = 1.21.8
 GO_SITE = https://storage.googleapis.com/golang
 GO_SOURCE = go$(GO_VERSION).src.tar.gz