Go 1.20.1 and Go 1.19.6 have been released on February 14, fixing security issues: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E Fedora has issued an advisory for this on February 18: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JRXUC3OICW2AVH5PMURCX4EAOCITSPPU/ Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 1.19.6
1.19.6 pushed to mga8 updates_testing. 1.20.1 needs more work to be built for cauldron.
Status: NEW => ASSIGNED
golang-tests-1.19.6-1.mga8 golang-1.19.6-1.mga8 golang-misc-1.19.6-1.mga8 golang-docs-1.19.6-1.mga8 golang-src-1.19.6-1.mga8 golang-shared-1.19.6-1.mga8 golang-bin-1.19.6-1.mga8 from golang-1.19.6-1.mga8.src.rpm
Go 1.20.2 and Go 1.19.7 have been released on March 7, fixing a security issue: https://groups.google.com/g/golang-announce/c/3-TpUx48iQY SUSE has issued advisories for this on March 14: https://lists.suse.com/pipermail/sle-security-updates/2023-March/014037.html https://lists.suse.com/pipermail/sle-security-updates/2023-March/014038.html Mageia 8 is also affected.
Status comment: Fixed upstream in 1.19.6 => Fixed upstream in 1.19.7Summary: golang new security issues CVE-2022-4172[3-5] => golang new security issues CVE-2022-4172[3-5] and CVE-2023-24532
*** Bug 31692 has been marked as a duplicate of this bug. ***
CC: (none) => linux
golang-tests-1.19.7-1.mga8 golang-1.19.7-1.mga8 golang-misc-1.19.7-1.mga8 golang-docs-1.19.7-1.mga8 golang-src-1.19.7-1.mga8 golang-shared-1.19.7-1.mga8 golang-bin-1.19.7-1.mga8 from golang-1.19.7-1.mga8.src.rpm Cauldron update still pending.
I have now also pushed it to updates_testing for cauldron. Still need to have 1.20.x building not done yet.
Status comment: Fixed upstream in 1.19.7 => (none)Version: Cauldron => 8Whiteboard: MGA8TOO => (none)Assignee: bruno => qa-bugsCC: (none) => bruno
Note that the Cauldron update still needs to be moved to core/release.
Mageia8, x86_64 Updated all the packages. $ rpm -q golang golang-1.19.7-1.mga8 Rebuilt docker locally to test compiler. $ cd docker $ mgarepo co docker $ bm -s $ bm -l .... ++ jobs -p + exit 0 succeeded! $ cd RPMS/x86_64 $ ls -l total 60808 -rw-r--r-- 1 lcl lcl 34777110 Mar 21 10:54 docker-20.10.22-1.mga8.x86_64.rpm .....
Whiteboard: (none) => MGA8-64-OKCC: (none) => tarazed25
Validating.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0109.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED