[Buildroot] [PATCH] package/go: security bump to version 1.21.3
Peter Korsgaard
peter at korsgaard.com
Thu Oct 12 14:38:57 UTC 2023
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes CVE-2023-39325: rapid stream resets can cause excessive work
> A malicious HTTP/2 client which rapidly creates requests and immediately
> resets them can cause excessive server resource consumption. While the
> total number of requests is bounded to the http2.Server.MaxConcurrentStreams
> setting, resetting an in-progress request allows the attacker to create a
> new request while the existing one is still executing.
> go1.21.3 (released 2023-10-10) includes a security fix to the net/http
> package.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list