Ah, xzutils issue is CVE-2024-3094, so hopefully unrelated. On March 31, 2024 4:27:45 a.m. PDT, Russtopia! <rma...@gmail.com> wrote: >xz backdoor? Someone independently stumbled on it so do we all need to >distrust our Go binaries until this is released? Embargo on this CVE may have >been (accidentally) busted. > >https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b > >On March 29, 2024 2:40:07 p.m. PDT, annou...@golang.org wrote: >>Hello gophers, >> >>We plan to issue Go 1.22.2 and Go 1.21.9 during US business hours on >>Wednesday, April 3. >> >>These minor releases include PRIVATE security fixes to the standard library, >>covering the following CVE: >> >>- CVE-2023-45288 >> >>Following our security policy, this is the pre-announcement of those releases. >> >>Thanks, >>Than and Dmitri for the Go team >> >>-- >>You received this message because you are subscribed to the Google Groups >>"golang-nuts" group. >>To unsubscribe from this group and stop receiving emails from it, send an >>email to golang-nuts+unsubscr...@googlegroups.com. >>To view this discussion on the web visit >>https://groups.google.com/d/msgid/golang-nuts/aALo8CEjSde7JcBYKiKpaQ%40geopod-ismtpd-4.
-- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/10CAD9C1-51CB-488B-8331-C11DAAD4D942%40gmail.com.
