package/go: security bump to version 1.19.6

go1.19.6 (released 2023-02-14) includes security fixes to the crypto/tls, mime/multipart, net/http, and path/filepath packages, as well as bug fixes to the go command, the linker, the runtime, and the crypto/x509, net/http, and time packages. See the Go 1.19.6 milestone on the Go issue tracker for details. CVE-2022-41725: net/http, mime/multipart: denial of service from excessive resource consumption CVE-2022-41724: crypto/tls: large handshake records may cause panics CVE-2022-41723: net/http: avoid quadratic complexity in HPACK decoding https://go.dev/doc/devel/release#go1.19.minor Signed-off-by: Christian Stewart <christian@paral.in> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-02-14 23:29:23 -08:00 · 2023-02-14 23:29:23 -08:00 · 98e0452ebb
commit 98e0452ebb
parent efdcc850be
2 changed files with 2 additions and 2 deletions
--- a/package/go/go.hash
+++ b/package/go/go.hash
@ -1,3 +1,3 @@
 # From https://go.dev/dl
-sha256  8e486e8e85a281fc5ce3f0bedc5b9d2dbf6276d7db0b25d3ec034f313da0375f  go1.19.5.src.tar.gz
+sha256  d7f0013f82e6d7f862cc6cb5c8cdb48eef5f2e239b35baa97e2f1a7466043767  go1.19.6.src.tar.gz
 sha256  2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067  LICENSE
--- a/package/go/go.mk
+++ b/package/go/go.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-GO_VERSION = 1.19.5
+GO_VERSION = 1.19.6
 GO_SITE = https://storage.googleapis.com/golang
 GO_SOURCE = go$(GO_VERSION).src.tar.gz