Skip to content

Commit

Permalink
update to go1.22.7
Browse files Browse the repository at this point in the history 
- https://github.com/golang/go/issues?q=milestone%3AGo1.22.7+label%3ACherryPickApproved
- full diff: golang/go@go1.22.6...go1.22.7

These minor releases include 3 security fixes following the security policy:

- go/parser: stack exhaustion in all Parse* functions

    Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

    This is CVE-2024-34155 and Go issue https://go.dev/issue/69138.

- encoding/gob: stack exhaustion in Decoder.Decode

    Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion.

    This is a follow-up to CVE-2022-30635.

    Thanks to Md Sakib Anwar of The Ohio State University ([email protected]) for reporting this issue.

    This is CVE-2024-34156 and Go issue https://go.dev/issue/69139.

- go/build/constraint: stack exhaustion in Parse

    Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

    This is CVE-2024-34158 and Go issue https://go.dev/issue/69141.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.7

Signed-off-by: Paweł Gronowski <[email protected]>
  • Loading branch information
@vvoland
vvoland committed Sep 5, 2024
1 parent 5e90bd3 commit d6a07d0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion common.mk
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ CHOWN:=docker run --rm -v $(CURDIR):/v -w /v alpine chown
DEFAULT_PRODUCT_LICENSE:=Community Engine
PACKAGER_NAME?=
DOCKER_GITCOMMIT:=abcdefg
GO_VERSION:=1.22.6
GO_VERSION:=1.22.7
PLATFORM=Docker Engine - Community
SHELL:=/bin/bash
VERSION?=0.0.1-dev
Expand Down

0 comments on commit d6a07d0

Please sign in to comment.