Overview
Request 1041235 accepted
- go1.19.4 (released 2022-12-06) includes security fixes to the
net/http and os packages, as well as bug fixes to the compiler,
the runtime, and the crypto/x509, os/exec, and sync/atomic
packages.
Refs boo#1200441 go1.19 release tracking
CVE-2022-41717 CVE-2022-41720
* go#57009 boo#1206135 security: fix CVE-2022-41717 net/http: limit canonical header cache by bytes, not entries
* go#57006 boo#1206134 security: fix CVE-2022-41720 os, net/http: avoid escapes from os.DirFS and http.Dir on Windows
* go#56752 runtime,cmd/compile: apparent memory corruption in compress/flate
* go#56710 net: builders failing TestLookupDotsWithRemoteSource and TestLookupGoogleSRV due to missing host for _xmpp-server._tcp.google.com
* go#56672 crypto/tls: boringcrypto restricts RSA key sizes to 2048 and 3072
* go#56638 sync/atomic: atomic.Pointer[T] can be misused with type conversions.
* go#56636 runtime: traceback stuck in runtime.systemstack
* go#56557 cmd/compile: some x/sys versions no longer build due to "go:linkname must refer to declared function or variable"
* go#56551 os/exec: Plan 9 build has been broken by a Windows security fix (also breaks 1.19.3 and 1.18.8)
* go#56438 crypto/x509: respect GODEBUG changes during program lifetime
* go#56397 runtime: on linux/PPC64, usleep computes incorrect tv_nsec parameter
* go#56360 cmd/compile: panic: offset too large (forwarded request 1041233 from jfkw)
Request History
jfkw created request
- go1.19.4 (released 2022-12-06) includes security fixes to the
net/http and os packages, as well as bug fixes to the compiler,
the runtime, and the crypto/x509, os/exec, and sync/atomic
packages.
Refs boo#1200441 go1.19 release tracking
CVE-2022-41717 CVE-2022-41720
* go#57009 boo#1206135 security: fix CVE-2022-41717 net/http: limit canonical header cache by bytes, not entries
* go#57006 boo#1206134 security: fix CVE-2022-41720 os, net/http: avoid escapes from os.DirFS and http.Dir on Windows
* go#56752 runtime,cmd/compile: apparent memory corruption in compress/flate
* go#56710 net: builders failing TestLookupDotsWithRemoteSource and TestLookupGoogleSRV due to missing host for _xmpp-server._tcp.google.com
* go#56672 crypto/tls: boringcrypto restricts RSA key sizes to 2048 and 3072
* go#56638 sync/atomic: atomic.Pointer[T] can be misused with type conversions.
* go#56636 runtime: traceback stuck in runtime.systemstack
* go#56557 cmd/compile: some x/sys versions no longer build due to "go:linkname must refer to declared function or variable"
* go#56551 os/exec: Plan 9 build has been broken by a Windows security fix (also breaks 1.19.3 and 1.18.8)
* go#56438 crypto/x509: respect GODEBUG changes during program lifetime
* go#56397 runtime: on linux/PPC64, usleep computes incorrect tv_nsec parameter
* go#56360 cmd/compile: panic: offset too large (forwarded request 1041233 from jfkw)
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
dimstar_suse set openSUSE:Factory:Staging:E as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:E"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:E"
licensedigger accepted review
ok
dimstar accepted review
dimstar_suse accepted review
Staging Project openSUSE:Factory:Staging:E got accepted.
dimstar_suse approved review
Staging Project openSUSE:Factory:Staging:E got accepted.
dimstar_suse accepted request
Staging Project openSUSE:Factory:Staging:E got accepted.