[Buildroot] [PATCH 1/1] package/go: security bump to 1.17.1

Peter Korsgaard peter at korsgaard.com
Fri Sep 10 13:17:49 UTC 2021


>>>>> "Christian" == Christian Stewart <christian at paral.in> writes:

 > The fix for CVE-2021-33196 can be bypassed by crafted inputs. As a result, the
 > NewReader and OpenReader functions in archive/zip can still cause a panic or an
 > unrecoverable fatal error when reading an archive that claims to contain a large
 > number of files, regardless of its actual size.

 > This is CVE-2021-39293.

 > https://golang.org/doc/devel/release.html#go1.16.minor

 > Signed-off-by: Christian Stewart <christian at paral.in>

Committed, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list