Next | Query returned 7 messages, browsing 1 to 10 | previous

History of commit frequency

CVS Commit History:


   2024-12-04 19:51:39 by Benny Siegert | Files touched by this commit (4)
Log message:
Update Go to 1.22.10, 1.23.4

go1.23.4 (released 2024-12-03) includes fixes to the compiler, the runtime, the
trace command, and the syscall package. See the Go 1.23.4 milestone on our
issue tracker for details.

go1.22.10 (released 2024-12-03) includes fixes to the runtime and the syscall
package. See the Go 1.22.10 milestone on our issue tracker for details.
   2024-11-22 11:50:38 by Thomas Klausner | Files touched by this commit (1)
Log message:
go123: remove traces of GOROOT_FINAL

(didn't help after all, removed in 1.23)
   2024-11-22 08:49:50 by Thomas Klausner | Files touched by this commit (1)
Log message:
go123: set GOROOT_FINAL

Fixes binary for me on NetBSD 10.
   2024-11-22 08:35:27 by Thomas Klausner | Files touched by this commit (1)
Log message:
go123: remove reference to non-existent files
   2024-11-08 20:46:59 by Benny Siegert | Files touched by this commit (5) | Package updated
Log message:
go: update to 1.22.9 and 1.23.2.

go1.23.3 (released 2024-11-06) includes fixes to the linker, the runtime, and
the net/http, os, and syscall packages. See the Go 1.23.3 milestone on our
issue tracker for details.

go1.22.9 (released 2024-11-06) includes fixes to the linker. See the Go 1.22.9
milestone on our issue tracker for details.
   2024-10-03 17:41:01 by Benny Siegert | Files touched by this commit (6) | Package updated
Log message:
go: update go123 to 1.23.2 and go122 to 1.22.8.

go1.23.2 (released 2024-10-01) includes fixes to the compiler, cgo, the
runtime, and the maps, os, os/exec, time, and unique packages. See the Go
1.23.2 milestone on our issue tracker for details.

go1.22.8 (released 2024-10-01) includes fixes to cgo, and the maps and syscall
packages. See the Go 1.22.8 milestone on our issue tracker for details.
   2024-09-06 20:38:23 by Benny Siegert | Files touched by this commit (3) | Package updated
Log message:
go123: update to 1.23.1

This minor release includes 3 security fixes following the security policy:

go/parser: stack exhaustion in all Parse* functions

Calling any of the Parse functions on Go source code which contains deeply \ 
nested literals can cause a panic due to stack exhaustion.

This is CVE-2024-34155 and Go issue https://go.dev/issue/69138.

encoding/gob: stack exhaustion in Decoder.Decode

Calling Decoder.Decode on a message which contains deeply nested structures can \ 
cause a panic due to stack exhaustion.

This is a follow-up to CVE-2022-30635.

Thanks to Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu) for \ 
reporting this issue.

This is CVE-2024-34156 and Go issue https://go.dev/issue/69139.

go/build/constraint: stack exhaustion in Parse

Calling Parse on a "// +build" build tag line with deeply nested \ 
expressions can cause a panic due to stack exhaustion.

This is CVE-2024-34158 and Go issue https://go.dev/issue/69141.

Next | Query returned 7 messages, browsing 1 to 10 | previous