Navigation:
Browse pkgsrc
(this page)
New packages:Log Message:
Update go123 to 1.23.8 and go124 to 1.24.2
These minor releases include 1 security fixes following the security policy:
- net/http: request smuggling through invalid chunked data
The net/http package accepted data in the chunked transfer encoding
containing an invalid chunk-size line terminated by a bare LF.
When used in conjunction with a server or proxy which incorrectly
interprets a bare LF in a chunk extension as part of the extension,
this could permit request smuggling.
The net/http package now rejects chunk-size lines containing a bare LF.
Thanks to Jeppe Bonde Weikop for reporting this issue.
This is CVE-2025-22871 and Go issue https://go.dev/issue/71988.
View the release notes for more information.
| Revision | Action | file |
| 1.229 | modify | pkgsrc/lang/go/version.mk |
| 1.8 | modify | pkgsrc/lang/go123/PLIST |
| 1.10 | modify | pkgsrc/lang/go123/distinfo |
| 1.3 | modify | pkgsrc/lang/go124/PLIST |
| 1.3 | modify | pkgsrc/lang/go124/distinfo |