Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.15 for openSUSE:Factory checked in at 2021-06-21 20:34:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/go1.15 (Old) and /work/SRC/openSUSE:Factory/.go1.15.new.2625 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "go1.15" Mon Jun 21 20:34:48 2021 rev:13 rq:900523 version:1.15.13 Changes: -------- --- /work/SRC/openSUSE:Factory/go1.15/go1.15.changes 2021-05-10 15:34:11.178791826 +0200 +++ /work/SRC/openSUSE:Factory/.go1.15.new.2625/go1.15.changes 2021-06-21 20:34:50.230572678 +0200 @@ -1,0 +2,23 @@ +Thu Jun 3 22:46:45 UTC 2021 - Jeff Kowalczyk <[email protected]> + +- go1.15.13 (released 2021-06-03) includes security fixes to the + archive/zip, math/big, net, and net/http/httputil packages, as + well as bug fixes to the linker, the go command, and the math/big + and net/http packages. + CVE-2021-33195 CVE-2021-33196 CVE-2021-33197 CVE-2021-33198 + Refs boo#1175132 go1.15 release tracking + * boo#1187443 go#46241 CVE-2021-33195 + * go#46356 net: Lookup functions may return invalid host names + * go#46531 net: Unix dnsclient test for CVE-2021-33195 assumes that 1.2.3.4 does not resolve + * boo#1186622 go#46242 CVE-2021-33196 + * go#46396 archive/zip: malformed archive may cause panic or memory exhaustion + * boo#1187444 go#46313 CVE-2021-33197 + * go#46314 net/http/httputil: ReverseProxy forwards Connection headers if first one is empty + * boo#1187445 go#45910 CVE-2021-33198 + * go#46305 math/big: (*Rat).SetString with "1.770p02041010010011001001" crashes with "makeslice: len out of range" + * go#46143 cmd/go: error out of 'go mod tidy' if the go.mod file specifies a newer-than-supported Go version + * go#46127 cmd/link: internal error when externally linking very large binaries + * go#46002 cmd/link: SIGSEGV running 'openshift-install version' for release-4.8 using external linking on PPC64LE + * go#45335 math/big: Int.Lsh gives wrong results on s390x for n>=128 + +------------------------------------------------------------------- Old: ---- go1.15.12.src.tar.gz New: ---- go1.15.13.src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ go1.15.spec ++++++ --- /var/tmp/diff_new_pack.0mBfzP/_old 2021-06-21 20:34:50.874573285 +0200 +++ /var/tmp/diff_new_pack.0mBfzP/_new 2021-06-21 20:34:50.874573285 +0200 @@ -135,7 +135,7 @@ %endif Name: go1.15 -Version: 1.15.12 +Version: 1.15.13 Release: 0 Summary: A compiled, garbage-collected, concurrent programming language License: BSD-3-Clause ++++++ go1.15.12.src.tar.gz -> go1.15.13.src.tar.gz ++++++ /work/SRC/openSUSE:Factory/go1.15/go1.15.12.src.tar.gz /work/SRC/openSUSE:Factory/.go1.15.new.2625/go1.15.13.src.tar.gz differ: char 143, line 1
