Overview

File _patchinfo of Package patchinfo.40679

<patchinfo incident="40679">
  <issue tracker="jsc" id="SLE-18320"/>
  <issue tracker="bnc" id="1249141">VUL-0: CVE-2025-47910: go1.25: net/http: CrossOriginProtection bypass patterns are over-broad</issue>
  <issue tracker="bnc" id="1244485">go1.25 release tracking</issue>
  <issue tracker="cve" id="2025-47910"/>
  <packager>jfkw</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for go1.25-openssl</summary>
  <description>This update for go1.25-openssl fixes the following issues:

Update to version 1.25.1, released 2025-09-03 (bsc#1244485). 
  
Security issues fixed:

  - CVE-2025-47910: net/http: `CrossOriginProtection` insecure bypass patterns not limited to exact matches (bsc#1249141).
  
 Other issues fixed:

  - go#74822 cmd/go: "get toolchain@latest" should ignore release candidates
  - go#74999 net: WriteMsgUDPAddrPort should accept IPv4-mapped IPv6 destination addresses on IPv4 UDP sockets
  - go#75008 os/exec: TestLookPath fails on plan9 after CL 685755
  - go#75021 testing/synctest: bubble not terminating
  - go#75083 os: File.Seek doesn't set the correct offset with Windows overlapped handles
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places