File _patchinfo of Package patchinfo.24478

<patchinfo incident="24478">
  <issue tracker="bnc" id="1190649">go1.17 release tracking</issue>
  <issue tracker="bnc" id="1200134">VUL-0: CVE-2022-30634: go1.17,go1.18: crypto/rand: rand.Read hangs with extremely large buffers</issue>
  <issue tracker="bnc" id="1200135">VUL-0: CVE-2022-30629: go1.17,go1.18: crypto/tls: session tickets lack random ticket_age_add</issue>
  <issue tracker="bnc" id="1200136">VUL-0: CVE-2022-30580: go1.17,go1.18: os/exec: empty Cmd.Path can result in running unintended binary on Windows</issue>
  <issue tracker="bnc" id="1200137">VUL-0: CVE-2022-29804: go1.17,go1.18: path/filepath: Clean(`.\c:`) returns `c:` on Windows</issue>
  <issue tracker="cve" id="2022-29804"/>
  <issue tracker="cve" id="2022-30629"/>
  <issue tracker="cve" id="2022-30580"/>
  <issue tracker="cve" id="2022-30634"/>
  <packager>jfkw</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for go1.17</summary>
  <description>This update for go1.17 fixes the following issues:

Update to go1.17.11 (released 2022-06-01) (bsc#1190649):

- CVE-2022-30634: Fixed crypto/rand rand.Read hangs with extremely large buffers (bsc#1200134).
- CVE-2022-30629: Fixed crypto/tls session tickets lack random ticket_age_add (bsc#1200135).
- CVE-2022-29804: Fixed path/filepath Clean(`.\c:`) returns `c:` on Windows (bsc#1200137).
- CVE-2022-30580: Fixed os/exec empty Cmd.Path can result in running unintended binary on Windows (bsc#1200136).
</description>
</patchinfo>