products/SLFO
SHA256
8
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
SLFO/patchinfo.20250207135102776966.90520734224245/_patchinfo

43 lines
2.0 KiB
Plaintext
Raw Blame History

<patchinfo incident="16">
<!-- generated from request(s) 360183, 360231, 360254 -->
<issue tracker="bnc" id="1218424">go1.22 release tracking</issue>
<issue tracker="bnc" id="1229122">go1.23 release tracking</issue>
<issue tracker="bnc" id="1236217">go1.24 release tracking</issue>
<issue tracker="bnc" id="1236801">VUL-0: CVE-2025-22866 go1.22,go1.23,go1.24: crypto/elliptic: timing sidechannel for P-256 on ppc64le</issue>
<issue tracker="bnc" id="1236839">VUL-0: CVE-2025-22867: go1.24: cmd/go: arbitrary code execution during build on darwin</issue>
<issue tracker="cve" id="2025-22866"/>
<issue tracker="cve" id="2025-22867"/>
<packager>jfkw</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for go1.24, go1.22, go1.23</summary>
<description>This update for go1.24, go1.22, go1.23 fixes the following issues:
go1.22:
- go1.22.12 (released 2025-02-04) includes security fixes to the
crypto/elliptic package, as well as bug fixes to the compiler and
the go command. (bsc#1218424)
* CVE-2025-22866: fix crypto/internal/fips140/nistec: p256NegCond is variable time on ppc64le (bsc#1236801)
* cmd/compile: broken write barrier
go1.23:
- go1.23.6 (released 2025-02-04) includes security fixes to the
crypto/elliptic package, as well as bug fixes to the compiler and
the go command. (bsc#1229122)
* CVE-2025-22866: fix crypto/internal/fips140/nistec: p256NegCond is variable time on ppc64le (bsc#1236801)
go1.24:
- go1.24rc3 (released 2024-02-05) is a release candidate version of
go1.24 cut from the master branch at the revision tagged
go1.24rc3.
(bsc#1236217)
* CVE-2025-22866: fix crypto/internal/fips140/nistec: p256NegCond is variable time on ppc64le (bsc#1236801)
* CVE-2025-22867: Fixed cmd/go: arbitrary code execution during build on darwin (bsc#1236839)
</description>
<package>go1.22</package>
<package>go1.23</package>
<package>go1.24</package>
<seperate_build_arch/>
</patchinfo>
Reference in New Issue View Git Blame Copy Permalink