mirror of
https://git.savannah.gnu.org/git/guix.git
synced 2026-04-07 05:30:38 +02:00
go1.24.12 (released 2026-01-15) includes security fixes to the go command, and the archive/zip, crypto/tls, and net/url packages, as well as bug fixes to the compiler, the runtime, and the crypto/tls and os packages.
See: <https://github.com/golang/go/milestone/419>

go1.24.13 (released 2026-02-04) includes security fixes to the go command and the crypto/tls package, as well as bug fixes to the crypto/x509 package.
See: <https://github.com/golang/go/milestone/421>

Contains fixes for:
CVE-2025-68121: Unexpected session resumption in crypto/tls
CVE-2025-68119: Unexpected code execution when invoking toolchain in cmd/go
CVE-2025-61732: Potential code smuggling via doc comments in cmd/cgo
CVE-2025-61731: Arbitrary file write using cgo pkg-config directive in cmd/go
CVE-2025-61730: Handshake messages may be processed at the incorrect encryption level in crypto/tls
CVE-2025-61728: Excessive CPU consumption when building archive index in archive/zip
CVE-2025-61726: Memory exhaustion in query parameter parsing in net/url

* gnu/packages/golang.scm (go-1.24): Update to 1.24.13.

Change-Id: I80dde282c7026fd7a3cf1161a6e63f0ceca2d51f