UbuntuUpdates.org

Package "golang-1.20-src"

Name: golang-1.20-src

Description:

Go programming language - source files
Latest version: 1.20.3-1ubuntu0.1
Release: lunar (23.04)
Level: security
Repository: main
Head package: golang-1.20
Homepage: https://go.dev/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "golang-1.20-src"

All arch deb package
APT INSTALL

Other versions of "golang-1.20-src" in Lunar

Repository Area Version
base main 1.20.3-1
updates main 1.20.3-1ubuntu0.1

Changelog

Version: 1.20.3-1ubuntu0.1 2023-06-06 08:07:01 UTC

  golang-1.20 (1.20.3-1ubuntu0.1) lunar-security; urgency=medium

  * SECURITY UPDATE: html injection vulnerability
    - debian/patches/CVE-2023-24539.patch: disallow angle brackets in CSS
      values
    - debian/patches/CVE-2023-29400.patch: emit filterFailsafe for empty
      unquoted attr value
    - CVE-2023-24539
    - CVE-2023-29400
  * SECURITY UPDATE: javascript injection vulnerability
    - debian/patches/CVE-2023-24540.patch: handle all JS whitespace
      characters
    - CVE-2023-24540

 -- Nishit Majithia <email address hidden> Wed, 31 May 2023 17:28:05 +0530
CVE-2023-24539 Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/'
CVE-2023-29400 Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results w
CVE-2023-24540 Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character s


About   -   Send Feedback to @ubuntu_updates