git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit

]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit

projects / thirdparty / openembedded / openembedded-core.git / commit

author	Archana Polampalli <archana.polampalli@windriver.com>
	Fri, 28 Nov 2025 16:07:57 +0000 (21:37 +0530)
committer	Steve Sakoman <steve@sakoman.com>
	Mon, 1 Dec 2025 15:13:56 +0000 (07:13 -0800)
commit	b3f055df67cf345c9a17c5c1c874c778d538ba9e
tree	0aa792e8e672ba4eacf5ea315b7b9a099db6d9ad	tree \| snapshot
parent	cea9fcf1b21b1b35b88986b676d712ab8ffa9d67	commit \| diff

go: fix CVE-2025-58189

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled
information (the ALPN protocols sent by the client) which is not escaped.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-devtools/go/go-1.17.13.inc		diff \| blob \| blame \| history
meta/recipes-devtools/go/go-1.18/CVE-2025-58189.patch	[new file with mode: 0644]	blob

Mirror of git://git.openembedded.org/openembedded-core

RSS Atom