Overview
Request 1131275 accepted
- go1.21.5 (released 2023-12-05) includes security fixes to the go
command, and the net/http and path/filepath packages, as well as
bug fixes to the compiler, the go command, the runtime, and the
crypto/rand, net, os, and syscall packages.
Refs boo#1212475 go1.21 release tracking
CVE-2023-45285 CVE-2023-45284 CVE-2023-39326
* go#63973 go#63845 boo#1217834 security: fix CVE-2023-45285 cmd/go: git VCS qualifier in module path uses git:// scheme
* go#64041 go#63713 boo#1216943 security: fix CVE-2023-45284 path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4
* go#64435 go#64433 boo#1217833 security: fix CVE-2023-39326 net/http: limit chunked data overhead
* go#62055 cmd/go: go mod download needs to support toolchain upgrades
* go#63743 cmd/compile: invalid pointer found on stack when compiled with -race
* go#63764 os: NTFS deduped file changed from regular to irregular
* go#63801 net: TCPConn.ReadFrom hangs when io.Reader is TCPConn or UnixConn, Linux kernel < 5.1
* go#63984 cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents
* go#63994 syscall: TestOpenFileLimit unintentionally runs on non-Unix platforms
* go#64073 runtime: self-deadlock on mheap_.lock
* go#64413 crypto/rand: Legacy RtlGenRandom use on Windows (forwarded request 1131273 from jfkw)
Request History
jfkw created request
- go1.21.5 (released 2023-12-05) includes security fixes to the go
command, and the net/http and path/filepath packages, as well as
bug fixes to the compiler, the go command, the runtime, and the
crypto/rand, net, os, and syscall packages.
Refs boo#1212475 go1.21 release tracking
CVE-2023-45285 CVE-2023-45284 CVE-2023-39326
* go#63973 go#63845 boo#1217834 security: fix CVE-2023-45285 cmd/go: git VCS qualifier in module path uses git:// scheme
* go#64041 go#63713 boo#1216943 security: fix CVE-2023-45284 path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4
* go#64435 go#64433 boo#1217833 security: fix CVE-2023-39326 net/http: limit chunked data overhead
* go#62055 cmd/go: go mod download needs to support toolchain upgrades
* go#63743 cmd/compile: invalid pointer found on stack when compiled with -race
* go#63764 os: NTFS deduped file changed from regular to irregular
* go#63801 net: TCPConn.ReadFrom hangs when io.Reader is TCPConn or UnixConn, Linux kernel < 5.1
* go#63984 cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents
* go#63994 syscall: TestOpenFileLimit unintentionally runs on non-Unix platforms
* go#64073 runtime: self-deadlock on mheap_.lock
* go#64413 crypto/rand: Legacy RtlGenRandom use on Windows (forwarded request 1131273 from jfkw)
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
anag+factory set openSUSE:Factory:Staging:E as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:E"
anag+factory accepted review
Picked "openSUSE:Factory:Staging:E"
licensedigger accepted review
The legal review is accepted preliminary. The package may require actions later on.
darix accepted review
Accepted review for by_group opensuse-review-team request 1131275 from user anag+factory
anag+factory accepted review
Staging Project openSUSE:Factory:Staging:E got accepted.
anag+factory approved review
Staging Project openSUSE:Factory:Staging:E got accepted.
anag+factory accepted request
Staging Project openSUSE:Factory:Staging:E got accepted.