Overview

File _patchinfo of Package patchinfo.40093

<patchinfo incident="40093">
  <issue tracker="bnc" id="1247719">VUL-0: CVE-2025-47906: go1.23,go1.24,go1.25: os/exec: LookPath may return unexpected paths</issue>
  <issue tracker="bnc" id="1247720">VUL-0: CVE-2025-47907: go1.23,go1.24,go1.25: database/sql: incorrect results returned from Rows.Scan</issue>
  <issue tracker="bnc" id="1236217">go1.24 release tracking</issue>
  <issue tracker="cve" id="2025-47906"/>
  <issue tracker="cve" id="2025-47907"/>
  <packager>jfkw</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for go1.24</summary>
  <description>This update for go1.24 fixes the following issues:

- Update to go1.24.6: 
  * CVE-2025-47906: Fixed LookPath returning unexpected paths (bsc#1247719)
  * CVE-2025-47907: Fixed incorrect results returned from Rows.Scan (bsc#1247720)
  * go#73800 runtime: RSS seems to have increased in Go 1.24 while the runtime accounting has not
  * go#74416 runtime: use-after-free of allpSnapshot in findRunnable
  * go#74694 runtime: segfaults in runtime.(*unwinder).next
  * go#74760 os/user:nolibgcc: TestGroupIdsTestUser failures
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places