Overview

File _patchinfo of Package patchinfo.42887

<patchinfo incident="42887">
  <issue tracker="jsc" id="SLE-18320"/>
  <issue tracker="bnc" id="1257692"/>
  <issue tracker="bnc" id="1256818"/>
  <issue tracker="cve" id="2025-68121"/>
  <issue tracker="cve" id="2025-61732"/>
  <packager>jfkw</packager>
  <rating>critical</rating>
  <category>security</category>
  <summary>Security update for go1.25-openssl</summary>
  <description>This update for go1.25-openssl fixes the following issues:

Update to version 1.25.7.

Security issues fixed:

- CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing  allows for C code smuggling (bsc#1257692).
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does
  not account for the expiration of full certificate chain (bsc#1256818).

Other updates and bugfixes:

- version update to 1.25.7:

  * go#75844 cmd/compile: OOM killed on linux/arm64
  * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs
  * go#77425 crypto/tls: CL 737700 broke session resumption on macOS
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places