Hello community, here is the log from the commit of package go1.13 for openSUSE:Factory checked in at 2020-08-12 10:19:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/go1.13 (Old) and /work/SRC/openSUSE:Factory/.go1.13.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "go1.13" Wed Aug 12 10:19:03 2020 rev:12 rq:824739 version:1.13.15 Changes: -------- --- /work/SRC/openSUSE:Factory/go1.13/go1.13.changes 2020-07-21 15:45:27.591927640 +0200 +++ /work/SRC/openSUSE:Factory/.go1.13.new.3399/go1.13.changes 2020-08-12 10:19:24.747642151 +0200 @@ -1,0 +2,10 @@ +Thu Aug 6 19:23:18 UTC 2020 - Jeff Kowalczyk <[email protected]> + +- go1.13.15 (released 2020/08/06) includes security fixes to the + encoding/binary package. + CVE-2020-16845 + Refs boo#1149259 go1.13 release tracking + * boo#1174977 CVE-2020-16845 + * go#40620 encoding/binary: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs + +------------------------------------------------------------------- Old: ---- go1.13.14.src.tar.gz New: ---- go1.13.15.src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ go1.13.spec ++++++ --- /var/tmp/diff_new_pack.0S6feM/_old 2020-08-12 10:19:30.351644909 +0200 +++ /var/tmp/diff_new_pack.0S6feM/_new 2020-08-12 10:19:30.355644911 +0200 @@ -120,7 +120,7 @@ %endif Name: go1.13 -Version: 1.13.14 +Version: 1.13.15 Release: 0 Summary: A compiled, garbage-collected, concurrent programming language License: BSD-3-Clause ++++++ go1.13.14.src.tar.gz -> go1.13.15.src.tar.gz ++++++ /work/SRC/openSUSE:Factory/go1.13/go1.13.14.src.tar.gz /work/SRC/openSUSE:Factory/.go1.13.new.3399/go1.13.15.src.tar.gz differ: char 15, line 1
