* [Buildroot] [PATCH-NEXT v1 1/1] package/go: security bump to version 1.21.1
@ 2023-09-06 20:09 Christian Stewart via buildroot
2023-09-08 10:20 ` Peter Korsgaard
0 siblings, 1 reply; 2+ messages in thread
From: Christian Stewart via buildroot @ 2023-09-06 20:09 UTC (permalink / raw)
To: buildroot
Cc: Christian Stewart, Anisse Astier, Thomas Petazzoni,
Yann E . MORIN
go1.21.1 (released 2023-09-06) includes four security fixes to the cmd/go,
crypto/tls, and html/template packages, as well as bug fixes to the compiler,
the go command, the linker, the runtime, and the context, crypto/tls,
encoding/gob, encoding/xml, go/types, net/http, os, and path/filepath packages.
Security fixes:
CVE-2023-39320: cmd/go: go.mod toolchain directive allows arbitrary execution
CVE-2023-39318: html/template: improper handling of HTML-like comments within script contexts
CVE-2023-39319: html/template: improper handling of special tags within script contexts
CVE-2023-39321: crypto/tls: panic when processing post-handshake message on QUIC connections
https://go.dev/doc/devel/release#go1.21.0
Signed-off-by: Christian Stewart <christian@aperture.us>
---
package/go/go.hash | 2 +-
package/go/go.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/go/go.hash b/package/go/go.hash
index 2289442a72..be8af438b3 100644
--- a/package/go/go.hash
+++ b/package/go/go.hash
@@ -1,3 +1,3 @@
# From https://go.dev/dl
-sha256 818d46ede85682dd551ad378ef37a4d247006f12ec59b5b755601d2ce114369a go1.21.0.src.tar.gz
+sha256 bfa36bf75e9a1e9cbbdb9abcf9d1707e479bd3a07880a8ae3564caee5711cb99 go1.21.1.src.tar.gz
sha256 2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067 LICENSE
diff --git a/package/go/go.mk b/package/go/go.mk
index 04aa612256..aa5d7f97b5 100644
--- a/package/go/go.mk
+++ b/package/go/go.mk
@@ -4,7 +4,7 @@
#
################################################################################
-GO_VERSION = 1.21.0
+GO_VERSION = 1.21.1
GO_SITE = https://storage.googleapis.com/golang
GO_SOURCE = go$(GO_VERSION).src.tar.gz
--
2.42.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Buildroot] [PATCH-NEXT v1 1/1] package/go: security bump to version 1.21.1
2023-09-06 20:09 [Buildroot] [PATCH-NEXT v1 1/1] package/go: security bump to version 1.21.1 Christian Stewart via buildroot
@ 2023-09-08 10:20 ` Peter Korsgaard
0 siblings, 0 replies; 2+ messages in thread
From: Peter Korsgaard @ 2023-09-08 10:20 UTC (permalink / raw)
To: Christian Stewart
Cc: Thomas Petazzoni, Anisse Astier, Yann E . MORIN, buildroot
>>>>> "Christian" == Christian Stewart <christian@aperture.us> writes:
> go1.21.1 (released 2023-09-06) includes four security fixes to the cmd/go,
> crypto/tls, and html/template packages, as well as bug fixes to the compiler,
> the go command, the linker, the runtime, and the context, crypto/tls,
> encoding/gob, encoding/xml, go/types, net/http, os, and path/filepath packages.
> Security fixes:
> CVE-2023-39320: cmd/go: go.mod toolchain directive allows arbitrary execution
> CVE-2023-39318: html/template: improper handling of HTML-like comments within script contexts
> CVE-2023-39319: html/template: improper handling of special tags within script contexts
> CVE-2023-39321: crypto/tls: panic when processing post-handshake message on QUIC connections
> https://go.dev/doc/devel/release#go1.21.0
> Signed-off-by: Christian Stewart <christian@aperture.us>
Committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-09-08 10:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-09-06 20:09 [Buildroot] [PATCH-NEXT v1 1/1] package/go: security bump to version 1.21.1 Christian Stewart via buildroot
2023-09-08 10:20 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox