[security] Go 1.22.2 and Go 1.21.9 pre-announcement
272 views
Skip to first unread message
anno...@golang.org
Mar 29, 2024, 5:43:06 PM3/29/24
to golan...@googlegroups.com
Hello gophers,
We plan to issue Go 1.22.2 and Go 1.21.9 during US business hours on Wednesday, April 3.
These minor releases include PRIVATE security fixes to the standard library, covering the following CVE:
- CVE-2023-45288
Following our security policy, this is the pre-announcement of those releases.
Thanks,
Than and Dmitri for the Go team
Russtopia!
Mar 31, 2024, 7:28:25 AM3/31/24
to golan...@googlegroups.com, anno...@golang.org
xz backdoor? Someone independently stumbled on it so do we all need to distrust our Go binaries until this is released? Embargo on this CVE may have been (accidentally) busted.
https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b
https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b
Russtopia!
Mar 31, 2024, 8:10:14 AM3/31/24
to golan...@googlegroups.com, anno...@golang.org
Ah, xzutils issue is CVE-2024-3094, so hopefully unrelated.
Reply all
Reply to author
Forward
0 new messages