Overview

File _patchinfo of Package patchinfo.20763

<patchinfo incident="20763">
  <issue tracker="cve" id="2021-36221"/>
  <issue tracker="bnc" id="1182345">go1.16 release tracking</issue>
  <issue tracker="bnc" id="1189162">VUL-0: CVE-2021-36221: go1.16,go1.15: go: net/http: panic due to racy read of persistConn after handler panic</issue>
  <packager>jfkw</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for go1.16</summary>
  <description>This update for go1.16 fixes the following issues:

Update to go1.16.7:

- go#47473 net/http: panic due to racy read of persistConn after handler panic (CVE-2021-36221 bsc#1189162)
- go#47348 cmd/go: "go list -f '{{.Stale}}'" stack overflow with cyclic imports
- go#47332 time: Timer reset broken under heavy use since go1.16 timer optimizations added
- go#47289 cmd/link: build error with cgo in Windows, redefinition of go.map.zero
- go#47015 cmd/go: go mod vendor: open C:\Users\LICENSE: Access is denied.
- go#46928 cmd/compile: register conflict between external linker and duffzero on arm64
- go#46858 runtime: ppc64x binaries randomly segfault on linux 5.13rc6
- go#46551 cmd/go: unhelpful error message when running "go install" on a replaced-but-not-required package
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places