Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
80e46482 by Salvatore Bonaccorso at 2026-02-06T20:54:55+01:00
Update notes for CVE-2025-68121/go
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7902,6 +7902,11 @@ CVE-2025-68121 (During session resumption in crypto/tls,
if the underlying Confi
NOTE: https://github.com/golang/go/issues/77113
NOTE: Fixed by:
https://github.com/golang/go/commit/4be38528a68a8b0c4e101576df200c214ad49c26
(go1.25.6)
NOTE: Fixed by:
https://github.com/golang/go/commit/d0754e6242e70e171a888b6c5e0336bbf014e538
(go1.24.12)
+ NOTE: Followup/Documentation update:
https://github.com/golang/go/issues/77217
+ NOTE: https://groups.google.com/g/golang-announce/c/K09ubi9FQFk
+ NOTE:
https://github.com/golang/go/commit/9f30ca9189831b8061a6ee46c0a2a331b4864559
(go1.26rc3)
+ NOTE:
https://github.com/golang/go/commit/c7d189e65c229a840c1e3e310cf4cd4ca0cb4e84
(go1.25.7)
+ NOTE:
https://github.com/golang/go/commit/6a501314718b6d69bad1723b3065ca6067b560ea
(go1.24.13)
CVE-2025-61726 (The net/url package does not set a limit on the number of
query parame ...)
- golang-1.25 1.25.6-1 (bug #1125916)
- golang-1.24 1.24.12-1 (bug #1125917)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80e46482b3fb8c37dadd2eb8208189be2836ab3e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80e46482b3fb8c37dadd2eb8208189be2836ab3e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
