File _patchinfo of Package patchinfo.42620

<patchinfo incident="42620">
  <issue tracker="bnc" id="1236217">go1.24 release tracking</issue>
  <issue tracker="bnc" id="1256820">VUL-0: CVE-2025-68119: go1.24,go1.25: cmd/go: unexpected code execution when invoking toolchain</issue>
  <issue tracker="bnc" id="1256818">VUL-0: CVE-2025-68121: go1.24,go1.25: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain</issue>
  <issue tracker="bnc" id="1257692">VUL-0: CVE-2025-61732: go1.24,go1.25: cmd/cgo: discrepancy between Go and C/C++ comment parsing  allows for C code smuggling</issue>
  <issue tracker="cve" id="2025-68119"/>
  <issue tracker="cve" id="2025-68121"/>
  <issue tracker="cve" id="2025-61732"/>
  <packager>jfkw</packager>
  <rating>critical</rating>
  <category>security</category>
  <summary>Security update for go1.24</summary>
  <description>This update for go1.24 fixes the following issues:

Update to version 1.24.13.

Security issues fixed:

- CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing  allows for C code smuggling (bsc#1257692).
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does
  not account for the expiration of full certificate chain (bsc#1256818).
- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc1256820).

Other updates and bugfixes:

- version update to 1.24.13:

  * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs
  * go#77424 crypto/tls: CL 737700 broke session resumption on macOS
</description>
</patchinfo>