UbuntuUpdates.org

Package "golang-1.21-doc"

Name: golang-1.21-doc

Description:

Go programming language - documentation
Latest version: 1.21.1-1~ubuntu22.04.2
Release: jammy (22.04)
Level: updates
Repository: universe
Head package: golang-1.21
Homepage: https://go.dev/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "golang-1.21-doc"

All arch deb package
APT INSTALL

Other versions of "golang-1.21-doc" in Jammy

Repository Area Version
security universe 1.21.1-1~ubuntu22.04.2

Changelog

Version: 1.21.1-1~ubuntu22.04.2 2024-01-11 06:10:53 UTC

  golang-1.21 (1.21.1-1~ubuntu22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: bypass directives restrictions
    - debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute file
      name in isCgo check
    - CVE-2023-39323
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2023-39325_44487.patch: http2: limit maximum
      handler goroutines to MaxConcurrentStreams
    - CVE-2023-39325
    - CVE-2023-44487
  * SECURITY UPDATE: out-of-bound read
    - debian/patches/CVE-2023-39326.patch: net/http: limit chunked data
      overhead
    - CVE-2023-39326
  * SECURITY UPDATE: bypass secure protocol
    - debian/patches/CVE-2023-45285.patch: error out if the requested repo
      does not support a secure protocol
    - CVE-2023-45285

 -- Nishit Majithia <email address hidden> Mon, 08 Jan 2024 11:54:05 +0530
Source diff to previous version
CVE-2023-39323 Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed
CVE-2023-39325 A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total
CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consum ...
CVE-2023-39326 A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network
CVE-2023-45285 Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via th

Version: 1.21.1-1~ubuntu22.04.1 2023-11-16 21:07:15 UTC

  golang-1.21 (1.21.1-1~ubuntu22.04.1) jammy; urgency=medium

  * Backport to Jammy (LP: #2040269)

 -- Shengjing Zhu <email address hidden> Wed, 25 Oct 2023 16:18:08 +0800
2040269 [SRU] backport golang-1.21 from mantic


About   -   Send Feedback to @ubuntu_updates