Overview

File _patchinfo of Package patchinfo.23788

<patchinfo incident="23788">
  <issue tracker="cve" id="2022-24675"/>
  <issue tracker="cve" id="2022-28327"/>
  <issue tracker="cve" id="2022-27536"/>  
  <issue tracker="bnc" id="1183043">go compilers need binutils-gold on aarch64 (and armv7)</issue>
  <issue tracker="bnc" id="1198423">VUL-0: CVE-2022-24675: go1.17,go1.18: encoding/pem: stack overflow</issue>
  <issue tracker="bnc" id="1198424">VUL-0: CVE-2022-28327: go1.17,go1.18: crypto/elliptic: tolerate all oversized scalars in generic P-256</issue>
  <issue tracker="bnc" id="1198427">VUL-0: CVE-2022-27536: go1.17,go1.18: crypto/x509: Certificate.Verify crash on macOS with Go 1.18</issue>
  <issue tracker="bnc" id="1193742">go1.18 release tracking</issue>
  <packager>jfkw</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for go1.18</summary>
  <description>This update for go1.18 fixes the following issues:

- CVE-2022-24675: Fixed a stack overlow in Decode() in encoding/pem (bsc#1198423).
- CVE-2022-28327: Fixed a crash due to refused oversized scalars in generic P-256 (bsc#1198424).
- CVE-2022-27536: Fixed a crash in Certificate.Verify in crypto/x509 (bsc#1198427).
    
Bump go1.18 (bsc#1193742)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places