[Buildroot] [PATCH v1 1/1] package/go: security bump to v1.21.5
Peter Korsgaard
peter at korsgaard.com
Sun Dec 10 12:59:34 UTC 2023
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
>>>>> "Christian" == Christian Stewart <christian at aperture.us> writes:
>> Fixes the following CVEs:
>> CVE-2023-39326: net/http: limit chunked data overhead
>> CVE-2023-45285: cmd/go: go get may unexpectedly fallback to insecure git
>> https://go.dev/doc/devel/release#go1.21.5
>> Signed-off-by: Christian Stewart <christian at aperture.us>
> Committed, thanks.
Committed to 2023.11.x, thanks. For 2023.02.x I will instead bump to
1.20.12, which has the same fixes.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list