[ubuntu/noble-updates] golang-1.22 1.22.2-2ubuntu0.4 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Thu Jun 19 01:28:47 UTC 2025
golang-1.22 (1.22.2-2ubuntu0.4) noble-security; urgency=medium

  * SECURITY UPDATE: leak sensitive headers when handling redirect
    requests.
    - debian/patches/CVE-2024-45336.patch: net/http: persist header
      stripping across repeated redirects.
    - CVE-2024-45336
  * SECURITY UPDATE: IPv6 zone IDs can bypass URI name constraints.
    - debian/patches/CVE-2024-45341.patch: crypto/x509: properly
      check for IPv6 hosts in URIs.
    - CVE-2024-45341
  * SECURITY UPDATE: information bit leak on ppc64le architecture.
    - debian/patches/CVE-2025-22866.patch: crypto/internal/fips140/nistec:
      make p256NegCond constant time on ppc64le.
    - CVE-2025-22866
  * SECURITY UPDATE: denial of service issue by improperly treating an IPv6
    zone ID as a hostname component.
    - debian/patches/CVE-2025-22870.patch: http/httpproxy: do not mismatch
      IPv6 zone ids against hosts.
    - CVE-2025-22870
  * SECURITY UPDATE: leak sensitive information on redirects outside of
    the original domain.
    - debian/patches/CVE-2025-4673.patch: net/http: strip sensitive proxy
      headers from redirect requests.
    - CVE-2025-4673
  * BUILD UPDATE: tls certificate expired during building and testing.
    - debian/patches/fix-config-time-tests-using-expired-certs.patch:
      crypto/tls: fix Config.Time in tests using expired certificates.

Date: 2025-06-17 06:12:12.716957+00:00
Changed-By: Evan Caville <evan.caville at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/golang-1.22/1.22.2-2ubuntu0.4