Overview

File _patchinfo of Package patchinfo.41879

<patchinfo incident="41879">
  <issue tracker="bnc" id="1245878">update-alternatives migration: go</issue>
  <issue tracker="bnc" id="1254430">VUL-0: CVE-2025-61727: go1.24,go1.25: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs</issue>
  <issue tracker="bnc" id="1254431">VUL-0: CVE-2025-61729: go1.24,go1.25: crypto/x509: excessive resource consumption in printing error string for host certificate validation</issue>
  <issue tracker="bnc" id="1244485">go1.25 release tracking</issue>
  <issue tracker="cve" id="2025-61727"/>
  <issue tracker="cve" id="2025-61729"/>
  <packager>jfkw</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for go1.25</summary>
  <description>This update for go1.25 fixes the following issues:

Update to version 1.25.5.

Security issues fixed:

- CVE-2025-61727: crypto/x509: excluded subdomain constraint in a certificate chain does not restrict the usage of
  wildcard SANs in leaf certificates (bsc#1254430).
- CVE-2025-61729: crypto/x509: excessive resource consumption when constructing error strings during host certificate
  validation (bsc#1254431).

Other issues fixed:
  
- go#76245: mime: FormatMediaType and ParseMediaType not compatible across 1.24 to 1.25.
- Packaging: migrate from update-alternatives to libalternatives (bsc#1245878).
- Fix runtime condition for gcc/gcc7 dependency.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places