File _patchinfo of Package patchinfo.42880

<patchinfo incident="42880">
  <!--generated  with prepare-update from request 402177-->
  <issue tracker="bnc" id="1236217">go1.24 release tracking</issue>
  <issue tracker="bnc" id="1256818">VUL-0: CVE-2025-68121: go1.24,go1.25: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain</issue>
  <issue tracker="bnc" id="1256820">VUL-0: CVE-2025-68119: go1.24,go1.25: cmd/go: unexpected code execution when invoking toolchain</issue>
  <issue tracker="bnc" id="1257692">VUL-0: CVE-2025-61732: go1.24,go1.25: cmd/cgo: discrepancy between Go and C/C++ comment parsing  allows for C code smuggling</issue>
  <issue tracker="cve" id="2025-61732"/>
  <issue tracker="cve" id="2025-68119"/>
  <issue tracker="cve" id="2025-68121"/>
  <issue tracker="jsc" id="SLE-18320"/>
  <category>security</category>
  <rating>critical</rating>
  <packager>jfkw</packager>
  <summary>Security update for go1</summary>
  <description>This update for go1 fixes the following issues:

Update to version 1.24.13 (jsc#SLE-18320, bsc#1236217).

Security issues fixed:

- CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692).
- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820).
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does
  not account for the expiration of full certificate chain (bsc#1256818).

Other updates and bugfixes:
  
- go#77322 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs
- go#77424 crypto/tls: CL 737700 broke session resumption on macOS
</description>
</patchinfo>