Summary: | <dev-lang/go-{1.20.10,1.21.3}: rapid stream resets can cause excessive work | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hans de Graaff <graaff> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | williamh |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo | ||
Whiteboard: | A3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 915900 | ||
Bug Blocks: | 915553 |
Description
Hans de Graaff
2023-10-10 17:12:13 UTC
Adding package dev-lang/go to the title and its maintainer to CC… Bumping dev-lang/go to 1.21.3 and 1.20.10 is enough to fix the issue according to https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo . The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94aaf10bbb97211efdffb001a4be8852cd65d6ff commit 94aaf10bbb97211efdffb001a4be8852cd65d6ff Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2023-10-17 17:53:17 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2023-10-17 17:53:27 +0000 dev-lang/go: add 1.21.3 Bug: https://bugs.gentoo.org/915555 Signed-off-by: William Hubbs <williamh@gentoo.org> dev-lang/go/Manifest | 1 + dev-lang/go/go-1.21.3.ebuild | 210 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 211 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4d31735413519485d5f4f0c1fde48a41f6820059 commit 4d31735413519485d5f4f0c1fde48a41f6820059 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2023-10-17 17:52:05 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2023-10-17 17:53:27 +0000 dev-lang/go: add 1.20.10 Bug: https://bugs.gentoo.org/915555 Signed-off-by: William Hubbs <williamh@gentoo.org> dev-lang/go/Manifest | 1 + dev-lang/go/go-1.20.10.ebuild | 210 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 211 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=7f1e599c82e7f7f6b21bf1127d01d7dfa903e21c commit 7f1e599c82e7f7f6b21bf1127d01d7dfa903e21c Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-11-25 08:56:49 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2023-11-25 08:57:21 +0000 [ GLSA 202311-09 ] Go: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/873637 Bug: https://bugs.gentoo.org/883783 Bug: https://bugs.gentoo.org/894478 Bug: https://bugs.gentoo.org/903979 Bug: https://bugs.gentoo.org/908255 Bug: https://bugs.gentoo.org/915555 Bug: https://bugs.gentoo.org/916494 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202311-09.xml | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) |