mirror of
https://git.savannah.gnu.org/git/guix.git
synced 2026-04-12 16:10:39 +02:00
ac0efb2c97
go1.26.1 (released 2026-03-05) includes security fixes to the crypto/x509, html/template, net/url, and os packages, as well as bug fixes to the go command, the go fix command, the compiler, and the os and reflect packages. See: <https://github.com/golang/go/compare/go1.26.0...go1.26.1>, <https://www.openwall.com/lists/oss-security/2026/03/06/1> Containes fixes for: CVE-2026-27137: Incorrect enforcement of email constraints in crypto/x509. CVE-2026-27138: Panic in name constraint checking for malformed certificates in crypto/x509. CVE-2026-27142: URLs in meta content attribute actions are not escaped in html/template. CVE-2026-25679: Incorrect parsing of IPv6 host literals in net/url. CVE-2026-27139: FileInfo can escape from a Root in os. * gnu/packages/golang.scm (go-1.26): Update to 1.26.1. Change-Id: I1c014a334407d9ca927d9e403c8c7e92cad8fe1d