packages/golang
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
59 Commits 1 Branch 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
hanchao 4eff8aee0d golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633, 
CVE-2022-30635,CVE-2022-30632,CVE-2022-28131,
CVE-2022-30631,CVE-2022-30629,CVE-2022-30634

Conflict:
CVE-2022-1962: src/go/parser/parser.go
CVE-2022-1705: src/net/http/transfer.go
CVE-2022-30634: src/crypto/rand/rand.go, src/crypto/rand/rand_windows.go

Score:
CVE-2022-32148: 5.3
CVE-2022-1962:  6.2
CVE-2022-1705:  5.3
CVE-2022-30633: 6.2
CVE-2022-30635: 5.5
CVE-2022-30632: 6.2
CVE-2022-28131: 6.2
CVE-2022-30631: 7.5
CVE-2022-30629: 2.6
CVE-2022-30634: 7.5

Reference:
CVE-2022-32148: https://go-review.googlesource.com/c/go/+/415221
CVE-2022-1962:  https://go-review.googlesource.com/c/go/+/417070
CVE-2022-1705:  https://go-review.googlesource.com/c/go/+/415217
CVE-2022-30633: https://go-review.googlesource.com/c/go/+/417069
CVE-2022-30635: https://go-review.googlesource.com/c/go/+/417074
CVE-2022-30632: https://go-review.googlesource.com/c/go/+/417073
CVE-2022-28131: https://go-review.googlesource.com/c/go/+/417068
CVE-2022-30631: https://go-review.googlesource.com/c/go/+/417071
CVE-2022-30629: https://go-review.googlesource.com/c/go/+/408574
CVE-2022-30634: https://go-review.googlesource.com/c/go/+/406635

Reason: fix CVE
CVE-2022-32148: 0064-release-branch.go1.17-net-http-preserve-nil-values-i.patch
CVE-2022-1962:  0065-release-branch.go1.17-go-parser-limit-recursion-dept.patch
CVE-2022-1705:  0066-release-branch.go1.17-net-http-don-t-strip-whitespac.patch
CVE-2022-30633: 0067-release-branch.go1.17-encoding-xml-limit-depth-of-ne.patch
CVE-2022-30635: 0068-release-branch.go1.17-encoding-gob-add-a-depth-limit.patch
CVE-2022-30632: 0069-release-branch.go1.17-path-filepath-fix-stack-exhaus.patch
CVE-2022-28131: 0070-release-branch.go1.17-encoding-xml-use-iterative-Ski.patch
CVE-2022-30631: 0071-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch
CVE-2022-30629: 0072-release-branch.go1.17-crypto-tls-randomly-generate-t.patch
CVE-2022-30634: 0073-release-branch.go1.17-crypto-rand-properly-handle-la.patch
2022-07-27 23:11:25 +08:00
0001-drop-hard-code-cert.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0001-release-branch.go1.15-doc-go1.15-mention-1.15.3-cgo-.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0002-fix-patch-cmd-go-internal-modfetch-do-not-sho.patch
fix CVE-2022-23773
2022-03-24 11:35:33 +08:00
0002-release-branch.go1.15-cmd-go-fix-mod_get_fallback-te.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0003-release-branch.go1.15-internal-execabs-only-run-test.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0004-release-branch.go1.15-cmd-compile-don-t-short-circui.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0005-release-branch.go1.15-cmd-go-fix-get_update_unknown_.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0006-release-branch.go1.15-net-http-update-bundled-x-net-.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0007-release-branch.go1.15-cmd-go-don-t-lookup-the-path-f.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0008-release-branch.go1.15-cmd-link-internal-ld-pe-fix-se.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0009-release-branch.go1.15-cmd-internal-goobj2-fix-buglet.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0010-release-branch.go1.15-runtime-don-t-adjust-timer-pp-.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0011-release-branch.go1.15-runtime-cgo-fix-Android-build-.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0013-release-branch.go1.15-internal-poll-if-copy_file_ran.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0014-release-branch.go1.15-internal-poll-netpollcheckerr-.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0015-release-branch.go1.15-cmd-compile-do-not-assume-TST-.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0016-release-branch.go1.15-syscall-do-not-overflow-key-me.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0017-release-branch.go1.15-time-correct-unusual-extension.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0018-release-branch.go1.15-cmd-compile-fix-escape-analysi.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0019-release-branch.go1.15-net-http-ignore-connection-clo.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0020-release-branch.go1.15-net-http-add-connections-back-.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0021-release-branch.go1.15-security-encoding-xml-prevent-.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0023-release-branch.go1.15-cmd-go-don-t-report-missing-st.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0025-release-branch.go1.15-cmd-go-internal-modfetch-detec.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0026-release-branch.go1.15-cmd-link-generate-trampoline-f.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0027-release-branch.go1.15-net-http-update-bundled-x-net-.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0028-release-branch.go1.15-net-http-fix-detection-of-Roun.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0029-release-branch.go1.15-build-set-GOPATH-consistently-.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0030-release-branch.go1.15-database-sql-fix-tx-stmt-deadl.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0031-release-branch.go1.15-cmd-compile-disable-shortcircu.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0032-release-branch.go1.15-runtime-non-strict-InlTreeInde.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0033-release-branch.go1.15-cmd-cgo-avoid-exporting-all-sy.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0034-release-branch.go1.15-cmd-link-avoid-exporting-all-s.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0035-release-branch.go1.15-cmd-cgo-remove-unnecessary-spa.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0037-release-branch.go1.15-time-use-offset-and-isDST-when.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0038-release-branch.go1.15-std-update-golang.org-x-net-to.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0039-release-branch.go1.15-runtime-time-disable-preemptio.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0040-release-branch.go1.15-runtime-non-strict-InlTreeInde.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0041-release-branch.go1.15-runtime-pprof-skip-tests-for-A.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0043-release-branch.go1.15-math-big-fix-TestShiftOverlap-.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0044-release-branch.go1.15-math-big-remove-the-s390x-asse.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0045-net-http-fix-hijack-hang-at-abortPendingRead.patch
batch synchronization
2021-06-18 15:46:44 +08:00
0046-release-branch.go1.15-net-verify-results-from-Lookup.patch
fix CVE-2021-33195,CVE-2021-33196,CVE-2021-33197,CVE-2021-33198,CVE-2021-34558,CVE-2021-29923,CVE-2021-38297,CVE-2021-36221
2021-10-27 11:18:41 +08:00
0047-release-branch.go1.15-archive-zip-only-preallocate-F.patch
fix CVE-2021-33195,CVE-2021-33196,CVE-2021-33197,CVE-2021-33198,CVE-2021-34558,CVE-2021-29923,CVE-2021-38297,CVE-2021-36221
2021-10-27 11:18:41 +08:00
0048-release-branch.go1.15-net-http-httputil-always-remov.patch
fix CVE-2021-33195,CVE-2021-33196,CVE-2021-33197,CVE-2021-33198,CVE-2021-34558,CVE-2021-29923,CVE-2021-38297,CVE-2021-36221
2021-10-27 11:18:41 +08:00
0049-release-branch.go1.15-math-big-check-for-excessive-e.patch
fix CVE-2021-33195,CVE-2021-33196,CVE-2021-33197,CVE-2021-33198,CVE-2021-34558,CVE-2021-29923,CVE-2021-38297,CVE-2021-36221
2021-10-27 11:18:41 +08:00
0050-release-branch.go1.15-crypto-tls-test-key-type-when-.patch
fix CVE-2021-33195,CVE-2021-33196,CVE-2021-33197,CVE-2021-33198,CVE-2021-34558,CVE-2021-29923,CVE-2021-38297,CVE-2021-36221
2021-10-27 11:18:41 +08:00
0051-net-reject-leading-zeros-in-IP-address-parsers.patch
fix CVE-2021-33195,CVE-2021-33196,CVE-2021-33197,CVE-2021-33198,CVE-2021-34558,CVE-2021-29923,CVE-2021-38297,CVE-2021-36221
2021-10-27 11:18:41 +08:00
0052-release-branch.go1.16-misc-wasm-cmd-link-do-not-let-.patch
fix CVE-2021-33195,CVE-2021-33196,CVE-2021-33197,CVE-2021-33198,CVE-2021-34558,CVE-2021-29923,CVE-2021-38297,CVE-2021-36221
2021-10-27 11:18:41 +08:00
0053-net-http-httputil-close-incoming-ReverseProxy-reques.patch
fix CVE-2021-33195,CVE-2021-33196,CVE-2021-33197,CVE-2021-33198,CVE-2021-34558,CVE-2021-29923,CVE-2021-38297,CVE-2021-36221
2021-10-27 11:18:41 +08:00
0054-release-branch.go1.16-net-http-update-bundled-golang.patch
fix CVE-2021-44716
2022-01-19 16:25:03 +08:00
0055-release-branch.go1.16-archive-zip-prevent-preallocat.patch
fix CVE-2021-39293
2022-02-08 11:07:36 +08:00
0056-release-branch.go1.16-debug-macho-fail-on-invalid-dy.patch
fix CVE-2021-41771
2022-03-02 11:38:36 +08:00
0057-release-branch.go1.16-math-big-prevent-overflow-in-R.patch
fix CVE-2022-23772 CVE-2022-23806
2022-03-05 16:42:40 +08:00
0058-release-branch.go1.16-crypto-elliptic-make-IsOnCurve.patch
fix CVE-2022-23772 CVE-2022-23806
2022-03-05 16:42:40 +08:00
0059-release-branch.go1.16-regexp-syntax-reject-very-deep.patch
fix CVE-2022-24921
2022-03-14 15:59:38 +08:00
0060-cmd-go-internal-modfetch-do-not-short-circuit-canoni.patch
fix CVE-2022-23773
2022-03-24 11:35:33 +08:00
0061-release-branch.go1.17-crypto-elliptic-tolerate-zero-.patch
fix CVE-2022-28327,CVE-2022-24675
2022-05-12 10:59:10 +08:00
0062-release-branch.go1.17-encoding-pem-fix-stack-overflo.patch
fix CVE-2022-28327,CVE-2022-24675
2022-05-12 10:59:10 +08:00
0063-release-branch.go1.16-syscall-fix-ForkLock-spurious-.patch
fix CVE-2021-44717
2022-05-16 15:03:09 +08:00
0064-release-branch.go1.17-net-http-preserve-nil-values-i.patch
golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633,
2022-07-27 23:11:25 +08:00
0065-release-branch.go1.17-go-parser-limit-recursion-dept.patch
golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633,
2022-07-27 23:11:25 +08:00
0066-release-branch.go1.17-net-http-don-t-strip-whitespac.patch
golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633,
2022-07-27 23:11:25 +08:00
0067-release-branch.go1.17-encoding-xml-limit-depth-of-ne.patch
golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633,
2022-07-27 23:11:25 +08:00
0068-release-branch.go1.17-encoding-gob-add-a-depth-limit.patch
golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633,
2022-07-27 23:11:25 +08:00
0069-release-branch.go1.17-path-filepath-fix-stack-exhaus.patch
golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633,
2022-07-27 23:11:25 +08:00
0070-release-branch.go1.17-encoding-xml-use-iterative-Ski.patch
golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633,
2022-07-27 23:11:25 +08:00
0071-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch
golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633,
2022-07-27 23:11:25 +08:00
0072-release-branch.go1.17-crypto-tls-randomly-generate-t.patch
golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633,
2022-07-27 23:11:25 +08:00
0073-release-branch.go1.17-crypto-rand-properly-handle-la.patch
golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633,
2022-07-27 23:11:25 +08:00
go1.15.7.src.tar.gz
golang: upgrade to 1.15.7
2021-03-12 16:17:36 +08:00
golang.spec
golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633,
2022-07-27 23:11:25 +08:00
golang.yaml
golang: upgrade to 1.13.15
2020-08-18 20:36:44 +08:00
Description
No description provided
83 MiB
Languages
Diff 100%