This bug was fixed in the package golang-1.23 - 1.23.1-1
Sponsored for Shengjing Zhu (zhsj)
---------------
golang-1.23 (1.23.1-1) unstable; urgency=medium
* Team upload
* New upstream version 1.23.1
+ CVE-2024-34155: go/parser: stack exhaustion in all Parse* functions
+ CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode
+ CVE-2024-34158: go/build/constraint: stack exhaustion in Parse
-- Shengjing Zhu <[email protected]> Mon, 09 Sep 2024 16:26:12 +0800
** Changed in: golang-1.23 (Ubuntu)
Assignee: (unassigned) => Graham Inggs (ginggs)
** Changed in: golang-1.23 (Ubuntu)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-30635
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-34155
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-34158
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2080209
Title:
Sync golang-1.23 1.23.1-1 (main) from Debian unstable (main)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-1.23/+bug/2080209/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
