Overview

File _patchinfo of Package patchinfo.23737

<patchinfo incident="23737">
  <issue tracker="bnc" id="1183043">go compilers need binutils-gold on aarch64 (and armv7)</issue>
  <issue tracker="bnc" id="1193598">VUL-0: CVE-2021-44717: go1.1 6,go1.17: syscall: don&#8217;t close fd 0 on ForkExec error</issue>
  <issue tracker="bnc" id="1191468">VUL-0: CVE-2021-38297: go1.15,go1.16,go1.17: misc/wasm, cmd/link: do not let command line args overwrite global data</issue>
  <issue tracker="bnc" id="1192378">VUL-0: CVE-2021-41772: go1.16,go1.17: archive/zip: don't panic on (*Reader).Open</issue>
  <issue tracker="bnc" id="1198423">VUL-0: CVE-2022-24675: go1.17,go1.18: encoding/pem: stack overflow</issue>
  <issue tracker="bnc" id="1193597">VUL-0: CVE-2021-44716: go1.16,go1.17, grafana: net/http: limit growth of header canonicalization cache</issue>
  <issue tracker="bnc" id="1190649">go1.17 release tracking</issue>
  <issue tracker="bnc" id="1198424">VUL-0: CVE-2022-28327: go1.17,go1.18: crypto/elliptic: tolerate all oversized scalars in generic P-256</issue>
  <issue tracker="bnc" id="1195834">VUL-0: CVE-2022-23773: go1.16,go1.17: incorrect access control in cmd/go</issue>
  <issue tracker="bnc" id="1196732">VUL-0: CVE-2022-24921: go1.17,go1.16: regexp: stack overflow (process exit) handling deeply nested regexp</issue>
  <issue tracker="bnc" id="1192377">VUL-0: CVE-2021-41771: go1.16,go1.17: debug/macho: invalid dynamic symbol table command can cause panic</issue>
  <issue tracker="bnc" id="1195838">VUL-0: CVE-2022-23806: go1.17,go1.16: golang: crypto/elliptic IsOnCurve returns true for invalid field elements</issue>
  <issue tracker="bnc" id="1190589">VUL-0: CVE-2021-39293: go1.15,go1.16,go1.17: archive/zip: overflow in preallocation check can cause OOM panic</issue>
  <issue tracker="bnc" id="1195835">VUL-0: CVE-2022-23772: go1.17,go1.16: overflow in Rat.SetString in math/big can lead to Uncontrolled Memory Consumption</issue>
  <issue tracker="cve" id="2022-24675"/>
  <issue tracker="cve" id="2022-23772"/>
  <issue tracker="cve" id="2022-23806"/>
  <issue tracker="cve" id="2021-41771"/>
  <issue tracker="cve" id="2021-41772"/>
  <issue tracker="cve" id="2021-44717"/>
  <issue tracker="cve" id="2021-39293"/>
  <issue tracker="cve" id="2021-44716"/>
  <issue tracker="cve" id="2021-38297"/>
  <issue tracker="cve" id="2022-24921"/>
  <issue tracker="cve" id="2022-28327"/>
  <issue tracker="cve" id="2022-23773"/>
  <packager>jfkw</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for go1.17</summary>
  <description>This update for go1.17 fixes the following issues:

- Version 1.17.9 released (bsc#1190649).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places