VUL-0: CVE-2024-45341: go1.22,go1.23: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints VUL-0: CVE-2024-45336: go1.22,go1.23: net/http: sensitive headers incorrectly sent after cross-domain redirect go1.24 release tracking VUL-0: CVE-2024-45340: go1.24: cmd/go: GOAUTH credential leak VUL-0: CVE-2025-22865: go1.24: crypto/x509: ParsePKCS1PrivateKey panic with partial keys jfkw moderate security

Security update for go1.24

This update for go1.24 fixes the following issues: - go1.24rc2 (released 2024-01-16) is a release candidate version of go1.24 cut from the master branch at the revision tagged go1.24rc2. Refs bsc#1236217 go1.24 release tracking CVE-2024-45341 CVE-2024-45336 CVE-2025-22865 CVE-2024-45340 * go#71209 go#71156 bsc#1236045 security: fix CVE-2024-45341 crypto/x509: properly check for IPv6 hosts in URIs * go#71212 go#70530 bsc#1236046 security: fix CVE-2024-45336 net/http: persist header stripping across repeated redirects * go#71216 bsc#1236361 security: fix CVE-2025-22865 crypto/x509: avoid panic when parsing partial PKCS#1 private keys * go#71249 bsc#1236360 security: fix CVE-2024-45340 cmd/go: restore netrc preferences for GOAUTH and fix domain lookup - go1.24rc1 (released 2024-12-13) is a release candidate version of go1.24 cut from the master branch at the revision tagged go1.24rc1. Refs bsc#1236217 go1.24 release tracking * go1.24 requires the final point release of go1.22 or later for bootstrap. go1.24