Package "golang-1.20-go"
Name: golang-1.20-go
Description: Go programming language compiler, linker, compiled stdlib
Latest version: 1.20.3-1ubuntu0.1~22.04.1
Release: jammy (22.04)
Level: updates
Repository: universe
Head package: golang-1.20
Homepage: https://go.dev/
Changelog
golang-1.20 (1.20.3-1ubuntu0.1~22.04.1) jammy-security; urgency=medium
  * SECURITY UPDATE: XSS issue
    - debian/patches/CVE-2023-39318.patch: support HTML-like comments in
      script contexts
    - debian/patches/CVE-2023-39319.patch: properly handle special tags
      within the script context
    - CVE-2023-39318
    - CVE-2023-39319
  * SECURITY UPDATE: bypass directives restrictions
    - debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute file
      name in isCgo check
    - CVE-2023-39323
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2023-39325_44487.patch: http2: limit maximum
      handler goroutines to MaxConcurrentStreams
    - CVE-2023-39325
    - CVE-2023-44487
  * SECURITY UPDATE: out-of-bound read
    - debian/patches/CVE-2023-39326.patch: net/http: limit chunked data
      overhead
    - CVE-2023-39326
  * SECURITY UPDATE: bypass secure protocol
    - debian/patches/CVE-2023-45285.patch: error out if the requested repo
      does not support a secure protocol
    - CVE-2023-45285
 -- Nishit Majithia <email address hidden> Wed, 10 Jan 2024 11:28:05 +0530
Source diff to previous version
CVE-2023-39318
The html/template package does not properly handle HTML-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may caus
CVE-2023-39319
The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script
CVE-2023-39323
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed
CVE-2023-39325
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consum ...
CVE-2023-39326
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network
CVE-2023-45285
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via th

golang-1.20 (1.20.3-1ubuntu0.1~22.04) jammy; urgency=medium
  * Backport to Jammy (LP: #2020658)
 -- Denison Barbosa <email address hidden> Thu, 15 Jun 2023 14:55:15 +0200
2020658
[SRU] Backport Go 1.20 to Jammy