From: Thomas Petazzoni via buildroot <buildroot@buildroot.org>
To: Christian Stewart via buildroot <buildroot@buildroot.org>
Cc: Anisse Astier <anisse@astier.eu>,
Christian Stewart <christian@aperture.us>,
"Yann E . MORIN" <yann.morin.1998@free.fr>
Subject: Re: [Buildroot] [PATCH 1/1] package/go: security bump to version 1.20.8
Date: Fri, 8 Sep 2023 22:24:07 +0200 [thread overview]
Message-ID: <20230908222407.1740ce1f@windsurf> (raw)
In-Reply-To: <20230906201358.2714756-1-christian@aperture.us>
On Wed, 6 Sep 2023 13:13:58 -0700
Christian Stewart via buildroot <buildroot@buildroot.org> wrote:
> go1.20.8 (released 2023-09-06) includes two security fixes to the html/template
> package, as well as bug fixes to the compiler, the go command, the runtime, and
> the crypto/tls, go/types, net/http, and path/filepath packages.
>
> CVE-2023-39318: html/template: improper handling of HTML-like comments within script contexts
> CVE-2023-39319: html/template: improper handling of special tags within script contexts
> CVE-2023-39321: crypto/tls: panic when processing post-handshake message on QUIC connections
>
> https://go.dev/doc/devel/release#go1.20.0
>
> Signed-off-by: Christian Stewart <christian@aperture.us>
This is not relevant for the master branch, which already has 1.21.1.
However, this patch is applicable to 2023.08.x. For 2023.05.x and
2023.02.x, the 1.19.x series is used, so we would need an updated to
1.19.13 I believe.
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2023-09-08 20:24 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-06 20:13 [Buildroot] [PATCH 1/1] package/go: security bump to version 1.20.8 Christian Stewart via buildroot
2023-09-08 20:24 ` Thomas Petazzoni via buildroot [this message]
2023-09-14 18:22 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230908222407.1740ce1f@windsurf \
--to=buildroot@buildroot.org \
--cc=anisse@astier.eu \
--cc=christian@aperture.us \
--cc=thomas.petazzoni@bootlin.com \
--cc=yann.morin.1998@free.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox