Hello community,

here is the log from the commit of package go1.14 for openSUSE:Factory checked in at 2020-08-12 10:19:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/go1.14 (Old)
 and /work/SRC/openSUSE:Factory/.go1.14.new.3399 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "go1.14" Wed Aug 12 10:19:17 2020 rev:8 rq:824741 version:1.14.7 Changes: -------- --- /work/SRC/openSUSE:Factory/go1.14/go1.14.changes 2020-07-21 15:45:49.451956465 +0200 +++ /work/SRC/openSUSE:Factory/.go1.14.new.3399/go1.14.changes 2020-08-12 10:20:05.395662157 +0200 @@ -1,0 +2,10 @@ +Thu Aug 6 19:23:18 UTC 2020 - Jeff Kowalczyk <[email protected]> + +- go1.14.7 (released 2020-08-06) includes security fixes to the + encoding/binary package. + CVE-2020-16845 + Refs boo#1164903 go1.14 release tracking + * boo#1174977 CVE-2020-16845 + * go#40619 encoding/binary: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs + +------------------------------------------------------------------- Old: ---- go1.14.6.src.tar.gz New: ---- go1.14.7.src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ go1.14.spec ++++++ --- /var/tmp/diff_new_pack.zc4BoL/_old 2020-08-12 10:20:10.643664740 +0200 +++ /var/tmp/diff_new_pack.zc4BoL/_new 2020-08-12 10:20:10.647664742 +0200 @@ -135,7 +135,7 @@ %endif Name: go1.14 -Version: 1.14.6 +Version: 1.14.7 Release: 0 Summary: A compiled, garbage-collected, concurrent programming language License: BSD-3-Clause ++++++ go1.14.6.src.tar.gz -> go1.14.7.src.tar.gz ++++++ /work/SRC/openSUSE:Factory/go1.14/go1.14.6.src.tar.gz /work/SRC/openSUSE:Factory/.go1.14.new.3399/go1.14.7.src.tar.gz differ: char 15, line 1
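
Review bot: in the go1.14.changes hunk, the go#40619 bullet runs well past the column at which the first bullet of the same entry wraps, and the standalone CVE-2020-16845 line repeats the identifier already carried by the boo#1174977 bullet. Wrap the go#40619 line the way the "includes security fixes to the encoding/binary package" line is wrapped, and keep the CVE identifier in one place only.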
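
Review bot: the go1.14.spec hunk changes only the Version tag from 1.14.6 to 1.14.7, and the Old/New file list shows go1.14.7.src.tar.gz arriving with no signature or checksum file beside it, so nothing visible in this diff lets a reviewer confirm the tarball is the upstream release. Check the new tarball against the SHA256 published on the Go downloads page before accepting the request, since this update exists to deliver the CVE-2020-16845 fix.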
