File _patchinfo of Package patchinfo.29305
<patchinfo incident="29305">
<issue tracker="bnc" id="1212075">VUL-0: CVE-2023-29404: go1.19,go1.20: cmd/go: improper sanitization of LDFLAGS</issue>
<issue tracker="bnc" id="1212076">VUL-0: CVE-2023-29405: go1.19,go1.20: cmd/go: improper sanitization of LDFLAGS</issue>
<issue tracker="bnc" id="1212074">VUL-0: CVE-2023-29403: go1.19,go1.20: runtime: unexpected behavior of setuid/setgid binaries</issue>
<issue tracker="bnc" id="1206346">go1.20 release tracking</issue>
<issue tracker="bnc" id="1212073">VUL-0: CVE-2023-29402: go1.19,go1.20: cmd/go: cgo code injection</issue>
<issue tracker="cve" id="2023-29404"/>
<issue tracker="cve" id="2023-29403"/>
<issue tracker="cve" id="2023-29402"/>
<issue tracker="cve" id="2023-29405"/>
<packager>jfkw</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for go1.20</summary>
<description>This update for go1.20 fixes the following issues:
Update to go1.20.5 (bsc#1206346):
- CVE-2023-29402: cmd/go: Fixed cgo code injection (bsc#1212073).
- CVE-2023-29403: runtime: Fixed unexpected behavior of setuid/setgid binaries (bsc#1212074).
- CVE-2023-29404: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212075).
- CVE-2023-29405: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212076).
</description>
</patchinfo>
