From da01336c1de1774222eb3afdf64cd2050a2811474a61eb4c8bae371a6c8e63ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Mon, 27 Jan 2025 10:45:49 +0100 Subject: [PATCH] Adding patchinfo patchinfo.20250124124853673483.269002615871826 --- .../_patchinfo | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 patchinfo.20250124124853673483.269002615871826/_patchinfo diff --git a/patchinfo.20250124124853673483.269002615871826/_patchinfo b/patchinfo.20250124124853673483.269002615871826/_patchinfo new file mode 100644 index 0000000..a7e9eb9 --- /dev/null +++ b/patchinfo.20250124124853673483.269002615871826/_patchinfo 
@@ -0,0 +1,37 @@ + + + VUL-0: CVE-2024-45341: go1.22,go1.23: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints + VUL-0: CVE-2024-45336: go1.22,go1.23: net/http: sensitive headers incorrectly sent after cross-domain redirect + go1.24 release tracking + VUL-0: CVE-2024-45340: go1.24: cmd/go: GOAUTH credential leak + VUL-0: CVE-2025-22865: go1.24: crypto/x509: ParsePKCS1PrivateKey panic with partial keys + + + + + jfkw + moderate + security + Security update for go1.24 + This update for go1.24 fixes the following issues: + +- go1.24rc2 (released 2024-01-16) is a release candidate version of + go1.24 cut from the master branch at the revision tagged + go1.24rc2. + Refs bsc#1236217 go1.24 release tracking + CVE-2024-45341 CVE-2024-45336 CVE-2025-22865 CVE-2024-45340 + * go#71209 go#71156 bsc#1236045 security: fix CVE-2024-45341 crypto/x509: properly check for IPv6 hosts in URIs + * go#71212 go#70530 bsc#1236046 security: fix CVE-2024-45336 net/http: persist header stripping across repeated redirects + * go#71216 bsc#1236361 security: fix CVE-2025-22865 crypto/x509: avoid panic when parsing partial PKCS#1 private keys + * go#71249 bsc#1236360 security: fix CVE-2024-45340 cmd/go: restore netrc preferences for GOAUTH and fix domain lookup + +- go1.24rc1 (released 2024-12-13) is a release candidate version of + go1.24 cut from the master branch at the revision tagged + go1.24rc1. + Refs bsc#1236217 go1.24 release tracking + * go1.24 requires the final point release of go1.22 or later + for bootstrap. + + go1.24 + +
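Review bot: in the description text, the go1.24rc2 entry gives its release date as 2024-01-16, which is earlier than the 2024-12-13 date given for go1.24rc1 further down and a year before this patchinfo's own January 2025 timestamps. This looks like a year typo (presumably 2025-01-16) and should be corrected before the update text is published. Separately, the issue titles for CVE-2024-45341 and CVE-2024-45336 name only go1.22 and go1.23, while the description lists both as fixed in go1.24rc2; it is worth confirming that bsc#1236045 and bsc#1236046 are the intended references for the go1.24 package as well.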