[Buildroot] [PATCH 1/1] package/go: security bump to 1.17.1
Peter Korsgaard
peter at korsgaard.com
Fri Sep 10 13:17:49 UTC 2021
>>>>> "Christian" == Christian Stewart <christian at paral.in> writes:
> The fix for CVE-2021-33196 can be bypassed by crafted inputs. As a result, the
> NewReader and OpenReader functions in archive/zip can still cause a panic or an
> unrecoverable fatal error when reading an archive that claims to contain a large
> number of files, regardless of its actual size.
> This is CVE-2021-39293.
> https://golang.org/doc/devel/release.html#go1.16.minor
> Signed-off-by: Christian Stewart <christian at paral.in>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list