File _patchinfo of Package patchinfo.32883
<patchinfo incident="32883"> <issue tracker="bnc" id="1219988">go1.20,go1.21,go1.22: ensure VERSION file is present in go1.x toolchain GOROOT</issue> <issue tracker="bnc" id="1220999">VUL-0: CVE-2024-24783 go1.21,go1.22: crypto/x509: Verify panics on certificates with an unknown public key algorithm</issue> <issue tracker="bnc" id="1212475">go1.21 release tracking</issue> <issue tracker="bnc" id="1221001">VUL-0: CVE-2023-45290 go1.21,go1.22: net/http: memory exhaustion in Request.ParseMultipartForm</issue> <issue tracker="bnc" id="1221002">VUL-0: CVE-2024-24784 go1.21,go1.22: net/mail: comments in display names are incorrectly handled</issue> <issue tracker="bnc" id="1221000">VUL-0: CVE-2023-45289 go1.21,go1.22: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect</issue> <issue tracker="bnc" id="1221003">VUL-0: CVE-2024-24785 go1.21,go1.22: html/template: errors returned from MarshalJSON methods may break template escaping</issue> <issue tracker="cve" id="2024-24785"/> <issue tracker="cve" id="2023-45289"/> <issue tracker="cve" id="2024-24784"/> <issue tracker="cve" id="2024-24783"/> <issue tracker="cve" id="2023-45290"/> <packager>jfkw</packager> <rating>important</rating> <category>security</category> <summary>Security update for go1.21</summary> <description>This update for go1.21 fixes the following issues: - Upgrade go to version 1.21.8 - CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (bsc#1221000) - CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm (bsc#1221001) - CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm (bsc#1220999) - CVE-2024-24784: net/mail: comments in display names are incorrectly handled (bsc#1221002) - CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping (bsc#1221003) </description> </patchinfo>
