From d6a07d0c294a223f2bc3e781b47a3c4a159357c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Thu, 5 Sep 2024 17:54:35 +0200 Subject: [PATCH] update to go1.22.7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - https://github.com/golang/go/issues?q=milestone%3AGo1.22.7+label%3ACherryPickApproved - full diff: https://github.com/golang/go/compare/go1.22.6...go1.22.7 These minor releases include 3 security fixes following the security policy: - go/parser: stack exhaustion in all Parse* functions Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. This is CVE-2024-34155 and Go issue https://go.dev/issue/69138. - encoding/gob: stack exhaustion in Decoder.Decode Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Thanks to Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu) for reporting this issue. This is CVE-2024-34156 and Go issue https://go.dev/issue/69139. - go/build/constraint: stack exhaustion in Parse Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. This is CVE-2024-34158 and Go issue https://go.dev/issue/69141. View the release notes for more information: https://go.dev/doc/devel/release#go1.22.7 Signed-off-by: Paweł Gronowski --- common.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common.mk b/common.mk index 62824446c6..941f97cbd5 100644 --- a/common.mk +++ b/common.mk @@ -17,7 +17,7 @@ CHOWN:=docker run --rm -v $(CURDIR):/v -w /v alpine chown DEFAULT_PRODUCT_LICENSE:=Community Engine PACKAGER_NAME?= DOCKER_GITCOMMIT:=abcdefg -GO_VERSION:=1.22.6 +GO_VERSION:=1.22.7 PLATFORM=Docker Engine - Community SHELL:=/bin/bash VERSION?=0.0.1-dev