mirror of
https://git.savannah.gnu.org/git/guix.git
synced 2026-04-07 05:30:38 +02:00
391200d054
go1.25.8 (released 2026-03-05) includes security fixes to the html/template, net/url, and os packages, as well as bug fixes to the go command, the compiler, and the os package. See: <https://github.com/golang/go/compare/go1.25.7...go1.25.8>, <https://www.openwall.com/lists/oss-security/2026/03/06/1> Containes fixes for: CVE-2026-27142: URLs in meta content attribute actions are not escaped in html/template. CVE-2026-25679: Incorrect parsing of IPv6 host literals in net/url. CVE-2026-27139: FileInfo can escape from a Root in os. * gnu/packages/golang.scm (go-1.25): Update to 1.25.8. Change-Id: I01a80a78f20075fe6c05c46f97dfe35f770a99a0