]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 54ce53f) | patch
go: fix CVE-2025-22870
authorArchana Polampalli <archana.polampalli@windriver.com>
Wed, 2 Apr 2025 11:45:32 +0000 (11:45 +0000)
committerSteve Sakoman <steve@sakoman.com>
Tue, 8 Apr 2025 15:38:30 +0000 (08:38 -0700)
commit88e79f915137edc5a37a110abdc79f5800404e45
tree633c090bc0188d89ccea489197bf4c0bb83c45f2tree | snapshot
parent54ce53f7c2daf4f9d536e4e1f721035064c57b30commit | diff
go: fix CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID
as a hostname component. For example, when the NO_PROXY environment variable
is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly
match and not be proxied.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/go/go-1.22.12.inc diff | blob | blame | history
meta/recipes-devtools/go/go/CVE-2025-22870.patch [new file with mode: 0644] blob
Mirror of git://git.openembedded.org/openembedded-core