Overview

File _patchinfo of Package patchinfo.25836

<patchinfo incident="25836">
  <issue tracker="bnc" id="1203186">VUL-0: CVE-2022-32190: go1.19: net/url: JoinPath does not strip relative path components in all circumstances</issue>
  <issue tracker="bnc" id="1203185">VUL-0: CVE-2022-27664: go1.18,go1.19: net/http: handle server errors after sending GOAWAY</issue>
  <issue tracker="bnc" id="1200441">go1.19 release tracking</issue>
  <issue tracker="cve" id="2022-32190"/>
  <issue tracker="cve" id="2022-27664"/>
  <packager>jfkw</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for go1.19</summary>
  <description>This update for go1.19 fixes the following issues:

Update to go version 1.19.1 (bsc#1200441):

- CVE-2022-27664: Fixed DoS in net/http caused by mishandled server errors after sending GOAWAY (bsc#1203185).
- CVE-2022-32190: Fixed missing stripping of relative path components in net/url JoinPath (bsc#1203186).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places