This bug was fixed in the package golang-1.24 - 1.24.4-1ubuntu1~24.04.1
---------------
golang-1.24 (1.24.4-1ubuntu1~24.04.1) noble; urgency=medium
* Backport to Noble (LP: #2103780)
golang-1.24 (1.24.4-1) unstable; urgency=medium
* Team upload
* New upstream version 1.24.1
+ CVE-2025-4673: net/http: sensitive headers not cleared on cross-origin
redirect (Closes: #1107364)
+ CVE-2025-0913: os: inconsistent handling of O_CREATE|O_EXCL on Unix and
Windows
+ CVE 2025-22874: crypto/x509: usage of ExtKeyUsageAny disables policy
validation (Closes: #1107364)
+ CVE-2025-22873: os: Root permits access to parent directory (Closes:
#1104816)
* d/patches: Removed patch 0003 as it's already applied upstream now
-- Anshul Singh <[email protected]> Thu, 26 Jun 2025 13:16:04
+0530
** Changed in: golang-1.24 (Ubuntu Noble)
Status: Fix Committed => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2025-0913
** CVE added: https://cve.org/CVERecord?id=CVE-2025-22873
** CVE added: https://cve.org/CVERecord?id=CVE-2025-4673
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2103780
Title:
[SRU] backport golang-1.24 to jammy, noble, oracular and plucky
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-1.24/+bug/2103780/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
