guix_mirror_bot pushed a commit to branch go-team
in repository guix.
commit 39a1e1bcfadaa633197c39c8d529c884bedf0f65
Author: Ankit Gadiya <[email protected]>
AuthorDate: Wed Jun 3 23:40:55 2026 +0530
gnu: go-1.25: Update to 1.25.11 [security-fixes]
go1.25.11 (released 2026-06-03) includes security fixes to the
mine, net/textproto, and crypto/x509 packages.
See: <https://github.com/golang/go/milestone/436>,
<https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw>.
Contains fixes for:
CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader
CVE-2026-42507: net/textproto: arbitrary input are included in errors
without any escaping
CVE-2026-27145: crypto/x509: split candidate hostname only once
* gnu/packages/golang.scm (go-1.25): Update to 1.25.11.
Merges: guix/guix!9133
Change-Id: I9e179c511f6cdb942fdb8e65b166c6b87f128129
Signed-off-by: Sharlatan Hellseher <[email protected]>
---
gnu/packages/golang.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index d05dceb1d7..e0dd88bf5b 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -1087,7 +1087,7 @@ in the style of communicating sequential processes
(@dfn{CSP}).")
(package
(inherit go-1.24)
(name "go")
- (version "1.25.10")
+ (version "1.25.11")
(source
(origin
(method git-fetch)
@@ -1096,7 +1096,7 @@ in the style of communicating sequential processes
(@dfn{CSP}).")
(commit (string-append "go" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "1jy7pfpmd9biqrkpys5f4mw73lh7zx9545z0qsml2nn4g69awl48"))))
+ (base32 "0l9z57fzjca7z038yxkkxc42f18hcnznbfd3cq4ipng9cp5l2zfc"))))
(arguments
(substitute-keyword-arguments (package-arguments go-1.24)
((#:phases phases)
