File _patchinfo of Package patchinfo.40463

<patchinfo incident="40463">
  <issue tracker="bnc" id="1244485">go1.25 release tracking</issue>
  <issue tracker="bnc" id="1248082">go1.22,go1.23, go1.24, go1.25: go1.x toolchain packages drop unused gccgo bootstrap code now used only by go1.21</issue>
  <issue tracker="bnc" id="1249141">VUL-0: CVE-2025-47910: go1.25: net/http: CrossOriginProtection bypass patterns are over-broad</issue>
  <issue tracker="bnc" id="1247816">go1.21,go1.22,go1.23: go1.x toolchain packages shorten bootstrap chain to go1.21 bootstrapped with gccgo</issue>
  <issue tracker="cve" id="2025-47910"/>
  <packager>jfkw</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for go1.25</summary>
  <description>This update for go1.25 fixes the following issues:

Update to go1.25.1, released 2025-09-03 (bsc#1244485).

Security issues fixed:

- CVE-2025-47910: net/http: `CrossOriginProtection` insecure bypass patterns not limited to exact matches (bsc#1249141).

Other issues fixed:
  
- go#74822 cmd/go: "get toolchain@latest" should ignore release candidates.
- go#74999 net: WriteMsgUDPAddrPort should accept IPv4-mapped IPv6 destination addresses on IPv4 UDP sockets.
- go#75008 os/exec: TestLookPath fails on plan9 after CL 685755.
- go#75021 testing/synctest: bubble not terminating.
- go#75083 os: File.Seek doesn't set the correct offset with Windows overlapped handles.
</description>
</patchinfo>