Information on source package golang-1.20

Available versions

ReleaseVersion
sid1.20.5-1

Resolved issues

BugDescription
CVE-2023-29405cmd/go: improper sanitization of LDFLAGS
CVE-2023-29404cmd/go: improper sanitization of LDFLAGS
CVE-2023-29403runtime: unexpected behavior of setuid/setgid binaries
CVE-2023-29402cmd/go: cgo code injection
CVE-2023-29400Templates containing actions in unquoted HTML attributes (e.g. "attr={ ...
CVE-2023-24540Not all valid JavaScript whitespace characters are considered to be wh ...
CVE-2023-24539Angle brackets (<>) are not considered dangerous characters when inser ...
CVE-2023-24538Templates do not properly consider backticks (`) as Javascript string ...
CVE-2023-24537Calling any of the Parse functions on Go source code which contains // ...
CVE-2023-24536Multipart form parsing can consume large amounts of CPU and memory whe ...
CVE-2023-24534HTTP and MIME header parsing can allocate large amounts of memory, eve ...
CVE-2023-24532The ScalarMult and ScalarBaseMult methods of the P256 Curve may return ...
CVE-2022-41725A denial of service is possible from excessive resource consumption in ...
CVE-2022-41724Large handshake records may cause panics in crypto/tls. Both clients a ...
CVE-2022-41723A maliciously crafted HTTP/2 stream could cause excessive CPU consumpt ...
CVE-2022-41722A path traversal vulnerability exists in filepath.Clean on Windows. On ...

Search for package or bug name: Reporting problems