projects / feed / packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b519ab0) | patch
golang: Update to 1.17.12
authorJeffery To <jeffery.to@gmail.com>
Mon, 18 Jul 2022 12:16:34 +0000 (20:16 +0800)
committerRosen Penev <rosenp@gmail.com>
Wed, 20 Jul 2022 09:38:16 +0000 (02:38 -0700)
commit8a03e656554d1e743e42b99abc0a0a30ee676b87
tree8cef8fadf29dcb3ca9b91307f5efa3c830dc6e7btree | snapshot
parentb519ab08e56fea91e9bd665ca78d0d86f6ac1a93commit | diff
golang: Update to 1.17.12

Includes fixes for:

* CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding
  header
* CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions
* CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip
* CVE-2022-30630: io/fs: stack exhaustion in Glob
* CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read
* CVE-2022-30632: path/filepath: stack exhaustion in Glob
* CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal
* CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode
* CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit
  X-Forwarded-For not working

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
lang/golang/golang/Makefile diff | blob | history
Mirror of packages feed