Overview

File _patchinfo of Package patchinfo.23173

<patchinfo incident="23173">
  <issue tracker="bnc" id="1182345">go1.16 release tracking</issue>
  <issue tracker="bnc" id="1196732">VUL-0: CVE-2022-24921: go1.17,go1.16: regexp: stack overflow (process exit) handling deeply nested regexp</issue>
  <issue tracker="cve" id="2022-24921"/>
  <packager>jfkw</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for go1.16</summary>
  <description>This update for go1.16 fixes the following issues:

Update to go version 1.16.15.

Security issue fixed:

- CVE-2022-24921: Fixed a stack overflow (process exit) handling deeply nested regular expressions  (bsc#1196732).

Non-security issues fixed:

- go#51117 regexp: stack overflow (process exit) handling deeply nested regexp
- go#51331 cmd/go/internal/modfetch: erroneously resolves a v2+incompatible version when a v2/go.mod file exists
- go#51198 cmd/compile: "runtime: bad pointer in frame" in riscv64 with complier optimizations
- go#51161 net: use EDNS to increase DNS packet size [freeze exception]
- go#50733 runtime/metrics: time histogram sub-bucket ranges are off by a factor of two
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places