Overview

File _patchinfo of Package patchinfo.33755

<patchinfo incident="33755">
  <issue tracker="bnc" id="1224017">VUL-0: CVE-2024-24787 go1.21,go1.22: cmd/go: arbitrary code execution during build on darwin</issue>
  <issue tracker="bnc" id="1224018">VUL-0: CVE-2024-24788 go1.22: net: malformed DNS message can cause infinite loop</issue>
  <issue tracker="bnc" id="1218424">go1.22 release tracking</issue>
  <issue tracker="cve" id="2024-24788"/>
  <issue tracker="cve" id="2024-24787"/>
  <packager>jfkw</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for go1.22</summary>
  <description>This update for go1.22 fixes the following issues:

Update to go1.22.3:

- CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin (bsc#1224017)
- CVE-2024-24788: net: high cpu usage in extractExtendedRCode (bsc#1224018)
- cmd/compile: Go 1.22.x failed to be bootstrapped from 386 to ppc64le
- cmd/compile: changing a hot concrete method to interface method triggers a PGO ICE
- runtime: deterministic fallback hashes across process boundary
- net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net@v0.23.0
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places