]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b532fa2) | patch
go: fix CVE-2025-58189
authorArchana Polampalli <archana.polampalli@windriver.com>
Fri, 7 Nov 2025 10:21:00 +0000 (15:51 +0530)
committerSteve Sakoman <steve@sakoman.com>
Fri, 7 Nov 2025 14:52:19 +0000 (06:52 -0800)
commite734cf62f24640d116c901dd97e09ddbb1f0cc4f
tree4b45f5a9da5630941a1a94bc753a3e3819cc3f5etree | snapshot
parentb532fa208d0b102326642a2fba8b17661a14307ecommit | diff
go: fix CVE-2025-58189

When Conn.Handshake fails during ALPN negotiation the error contains attacker
controlled information (the ALPN protocols sent by the client) which is not escaped.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
meta/recipes-devtools/go/go-1.22.12.inc diff | blob | blame | history
meta/recipes-devtools/go/go/CVE-2025-58189.patch [new file with mode: 0644] blob
Mirror of git://git.openembedded.org/openembedded-core