File _patchinfo of Package patchinfo.35339

<patchinfo incident="35339">
  <issue tracker="jsc" id="SLE-18320"/>
  <issue tracker="jsc" id="PED-1962"/>
  <issue tracker="bnc" id="1221001">VUL-0: CVE-2023-45290 go1.21,go1.22: net/http: memory exhaustion in Request.ParseMultipartForm</issue>
  <issue tracker="bnc" id="1221002">VUL-0: CVE-2024-24784 go1.21,go1.22: net/mail: comments in display names are incorrectly handled</issue>
  <issue tracker="bnc" id="1221003">VUL-0: CVE-2024-24785 go1.21,go1.22: html/template: errors returned from MarshalJSON methods may break template escaping</issue>
  <issue tracker="bnc" id="1212475">go1.21 release tracking</issue>
  <issue tracker="bnc" id="1220999">VUL-0: CVE-2024-24783 go1.21,go1.22: crypto/x509: Verify panics on certificates with an unknown public key algorithm</issue>
  <issue tracker="bnc" id="1221400">VUL-0: CVE-2023-45288: go1.21,go1.22: net/http, x/net/http2: close connections when receiving too many headers</issue>
  <issue tracker="bnc" id="1224017">VUL-0: CVE-2024-24787: go1.21,go1.22: cmd/go: arbitrary code execution during build on darwin</issue>
  <issue tracker="bnc" id="1219988">go1.20,go1.21,go1.22: ensure VERSION file is present in go1.x toolchain GOROOT</issue>
  <issue tracker="bnc" id="1225973">VUL-0: CVE-2024-24789: go1.21,go1.22: archive/zip: mishandling of corrupt central directory record</issue>
  <issue tracker="bnc" id="1225974">VUL-0: CVE-2024-24790: go1.21,go1.22: net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses</issue>
  <issue tracker="bnc" id="1227314">VUL-0: CVE-2024-24791 go1.21,go1.22: net/http: denial of service due to improper 100-continue handling</issue>
  <issue tracker="bnc" id="1221000">VUL-0: CVE-2023-45289 go1.21,go1.22: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect</issue>
  <issue tracker="cve" id="2023-45288"/>
  <issue tracker="cve" id="2024-24790"/>
  <issue tracker="cve" id="2024-24789"/>
  <issue tracker="cve" id="2023-45290"/>
  <issue tracker="cve" id="2024-24787"/>
  <issue tracker="cve" id="2024-24783"/>
  <issue tracker="cve" id="2024-24791"/>
  <issue tracker="cve" id="2024-24785"/>
  <issue tracker="cve" id="2024-24784"/>
  <issue tracker="cve" id="2023-45289"/>
  <packager>jfkw</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for go1.21-openssl</summary>
  <description>This update for go1.21-openssl fixes the following issues:
  
- CVE-2024-24791: Fixed denial of service due to improper 100-continue handling (bsc#1227314)
- CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip (bsc#1225973)
- CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip (bsc#1225974)
- CVE-2024-24787: Fixed arbitrary code execution during build on darwin in cmd/go (bsc#1224017)
- CVE-2023-45288: Fixed denial of service due to close connections when receiving too many headers in net/http and x/net/http2 (bsc#1221400)
- CVE-2023-45289: Fixed incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http and net/http/cookiejar (bsc#1221000) 
- CVE-2023-45290: Fixed memory exhaustion in Request.ParseMultipartForm in net/http (bsc#1221001)
- CVE-2024-24783: Fixed denial of service on certificates with an unknown public key algorithm in crypto/x509 (bsc#1220999)
- CVE-2024-24784: Fixed comments in display names are incorrectly handled in net/mail (bsc#1221002)
- CVE-2024-24785: Fixed errors returned from MarshalJSON methods may break template escaping in html/template (bsc#1221003)

Other fixes:
- Update to version 1.21.13.1 cut from the go1.21-fips-release (jsc#SLE-18320)
- Update to version 1.21.13 (bsc#1212475)
- Remove subpackage go1.x-openssl-libstd for compiled shared object libstd.so. (jsc#PED-1962)
- Ensure VERSION file is present in GOROOT as required by go tool dist and go tool distpack (bsc#1219988)
</description>
</patchinfo>