[Bug 2015339] Re: Sync golang-1.20 1.20.3-1 (main) from Debian unstable (main)

Graham Inggs 2015339 at bugs.launchpad.net
Wed Apr 5 11:23:21 UTC 2023 

This bug was fixed in the package golang-1.20 - 1.20.3-1
Sponsored for Shengjing Zhu (zhsj)

---------------
golang-1.20 (1.20.3-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.20.3
    + CVE-2023-24537: go/parser: infinite loop in parsing
    + CVE-2023-24538: html/template: backticks not treated as string delimiters
    + CVE-2023-24534: net/http, net/textproto: denial of service from excessive
      memory allocation
    + CVE-2023-24536: net/http, net/textproto, mime/multipart: denial of
      service from excessive resource consumption

 -- Shengjing Zhu <zhsj at debian.org>  Wed, 05 Apr 2023 02:04:08 +0800

** Changed in: golang-1.20 (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-24534

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-24536

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-24537

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-24538

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to golang-1.20 in Ubuntu.
https://bugs.launchpad.net/bugs/2015339

Title:
  Sync golang-1.20 1.20.3-1 (main) from Debian unstable (main)

Status in golang-1.20 package in Ubuntu:
  Fix Released

Bug description:
  Please sync golang-1.20 1.20.3-1 (main) from Debian unstable (main)

  Changelog entries since current lunar version 1.20.2-1:

  golang-1.20 (1.20.3-1) unstable; urgency=medium

    * Team upload
    * New upstream version 1.20.3
      + CVE-2023-24537: go/parser: infinite loop in parsing
      + CVE-2023-24538: html/template: backticks not treated as string delimiters
      + CVE-2023-24534: net/http, net/textproto: denial of service from excessive
        memory allocation
      + CVE-2023-24536: net/http, net/textproto, mime/multipart: denial of
        service from excessive resource consumption

   -- Shengjing Zhu <zhsj at debian.org>  Wed, 05 Apr 2023 02:04:08 +0800

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-1.20/+bug/2015339/+subscriptions

More information about the foundations-bugs mailing list