Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.19 for openSUSE:Factory checked in at 2023-04-07 18:16:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/go1.19 (Old) and /work/SRC/openSUSE:Factory/.go1.19.new.19717 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "go1.19" Fri Apr 7 18:16:16 2023 rev:12 rq:1077384 version:1.19.8 Changes: -------- --- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes 2023-03-09 17:44:42.578578854 +0100 +++ /work/SRC/openSUSE:Factory/.go1.19.new.19717/go1.19.changes 2023-04-07 18:16:16.800529428 +0200 @@ -1,0 +2,21 @@ +Tue Apr 4 20:42:31 UTC 2023 - Jeff Kowalczyk <jkowalc...@suse.com> + +- go1.19.8 (released 2023-04-04) includes security fixes to the + go/parser, html/template, mime/multipart, net/http, and + net/textproto packages, as well as bug fixes to the linker, the + runtime, and the time package. + Refs boo#1200441 go1.19 release tracking + CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 + * go#59267 go#58975 boo#1210127 net/http, net/textproto: denial of service from excessive memory allocation â(CVE-2023-24534) + * go#59269 go#59153 boo#1210128 net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536) + * go#59273 go#59180 boo#1210129 go/parser: infinite loop in parsing (CVE-2023-24537) + * go#59271 go#59234 boo#1210130 html/template: backticks not treated as string delimiters (CVE-2023-24538) + * go#58937 cmd/go: timeout on darwin-amd64-race builder + * go#58939 runtime/pprof: TestLabelSystemstack due to sample with no location + * go#58941 internal/testpty: fails on some Linux machines due to incorrect error handling + * go#59050 cmd/link: linker fails on linux/amd64 when gcc's lto options are used + * go#59058 cmd/link/internal/arm: off-by-one error in trampoline phase call reachability calculation + * go#59074 time: time zone lookup using extend string makes wrong start time for non-DST zones + * go#59219 runtime: crash on linux-ppc64le + +------------------------------------------------------------------- Old: ---- go1.19.7.src.tar.gz New: ---- go1.19.8.src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ go1.19.spec ++++++ --- /var/tmp/diff_new_pack.CZ2fJa/_old 2023-04-07 18:16:17.464533252 +0200 +++ /var/tmp/diff_new_pack.CZ2fJa/_new 2023-04-07 18:16:17.468533276 +0200 @@ -136,7 +136,7 @@ %endif Name: go1.19 -Version: 1.19.7 +Version: 1.19.8 Release: 0 Summary: A compiled, garbage-collected, concurrent programming language License: BSD-3-Clause ++++++ go1.19.7.src.tar.gz -> go1.19.8.src.tar.gz ++++++ /work/SRC/openSUSE:Factory/go1.19/go1.19.7.src.tar.gz /work/SRC/openSUSE:Factory/.go1.19.new.19717/go1.19.8.src.tar.gz differ: char 120, line 1
