File _patchinfo of Package patchinfo.41855

<patchinfo incident="41855">
  <issue tracker="bnc" id="1254431">VUL-0: CVE-2025-61729: go1.24,go1.25: crypto/x509: excessive resource consumption in printing error string for host certificate validation</issue>
  <issue tracker="bnc" id="1245878">update-alternatives migration: go</issue>
  <issue tracker="bnc" id="1254430">VUL-0: CVE-2025-61727: go1.24,go1.25: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs</issue>
  <issue tracker="bnc" id="1236217">go1.24 release tracking</issue>
  <issue tracker="cve" id="2025-61729"/>
  <issue tracker="cve" id="2025-61727"/>
  <packager>jfkw</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for go1.24</summary>
  <description>This update for go1.24 fixes the following issues:

go1.24.11 (released 2025-12-02) includes two security fixes to
the crypto/x509 package, as well as bug fixes to the runtime.  (bsc#1236217)

CVE-2025-61727 CVE-2025-61729:

  * go#76460 go#76445 bsc#1254431 security: fix CVE-2025-61729 crypto/x509: excessive resource consumption in printing error string for host certificate validation
  * go#76463 go#76442 bsc#1254430 security: fix CVE-2025-61727 crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN

  * go#76378 internal/cpu: incorrect CPU features bit parsing on loong64 cause illegal instruction core dumps on LA364 cores

- Packaging: Migrate from update-alternatives to libalternatives (bsc#1245878)
  * This is an optional migration controlled via prjconf definition
    with_libalternatives
  * If with_libalternatives is not defined packaging continues to
    use update-alternatives
</description>
</patchinfo>