Overview

File _patchinfo of Package patchinfo.42622

<patchinfo incident="42622">
  <issue tracker="bnc" id="1256818">VUL-0: CVE-2025-68121: go1.24,go1.25: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain</issue>
  <issue tracker="bnc" id="1257692">VUL-0: CVE-2025-61732: go1.24,go1.25: cmd/cgo: discrepancy between Go and C/C++ comment parsing  allows for C code smuggling</issue>
  <issue tracker="bnc" id="1244485">go1.25 release tracking</issue>
  <issue tracker="cve" id="2025-68121"/>
  <issue tracker="cve" id="2025-61732"/>
  <packager>jfkw</packager>
  <rating>critical</rating>
  <category>security</category>
  <summary>Security update for go1.25</summary>
  <description>This update for go1.25 fixes the following issues:


Update to version 1.25.7.

Security issues fixed:

- CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing  allows for C code smuggling (bsc#1257692).
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does
  not account for the expiration of full certificate chain (bsc#1256818).

Other updates and bugfixes:

- version update to 1.25.7:

  * go#75844 cmd/compile: OOM killed on linux/arm64
  * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs
  * go#77425 crypto/tls: CL 737700 broke session resumption on macOS
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places