Overview

File _patchinfo of Package patchinfo.23734

<patchinfo incident="23734">
  <issue tracker="bnc" id="1198424">VUL-0: CVE-2022-28327: go1.17,go1.18: crypto/elliptic: tolerate all oversized scalars in generic P-256</issue>
  <issue tracker="bnc" id="1198423">VUL-0: CVE-2022-24675: go1.17,go1.18: encoding/pem: stack overflow</issue>
  <issue tracker="bnc" id="1190649">go1.17 release tracking</issue>
  <issue tracker="cve" id="2022-24675"/>
  <issue tracker="cve" id="2022-28327"/>
  <packager>jfkw</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for go1.17</summary>
  <description>This update for go1.17 fixes the following issues:

- Updated to version 1.17.9 (bsc#1190649):
  - CVE-2022-24675: Fixed a stack overflow via crafted PEM file (bsc#1198423).
  - CVE-2022-28327: Fixed a potential panic when using big P-256 scalars in the
    crypto/elliptic module (bsc#1198424).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places