security: fix CVE-2022-27664 [1.18 backport]

Open neild opened this issue 3 years ago • 1 comments

This is a PRIVATE issue for CVE-2022-27664 tracked in http://b/219507101 and fixed by http://tg/1413887.

Jul 20 '22 22:07 neild

Since this is in Go1.18.6 milestone, added a "[1.18 backport]" suffix and a CherryPickCandidate label so this doesn't get missed during backport review, but I expect it to get approved as a security fix.

Aug 08 '22 18:08 dmitshur

@neild can we add a backport for 1.19 as well?

Aug 10 '22 16:08 joedian

> @neild can we add a backport for 1.19 as well?

Created #54376.

Aug 10 '22 17:08 neild

Change https://go.dev/cl/428635 mentions this issue: [release-branch.go1.18] net/http: update bundled golang.org/x/net/http2

Sep 06 '22 15:09 gopherbot

Closed by merging 5bc9106458fc07851ac324a4157132a91b1f3479 to release-branch.go1.18.

Sep 06 '22 15:09 gopherbot

Change https://go.dev/cl/428735 mentions this issue: http2: handle server errors after sending GOAWAY

Sep 06 '22 16:09 gopherbot

Change https://go.dev/cl/428736 mentions this issue: [internal-branch.go1.18-vendor] http2: handle server errors after sending GOAWAY

Sep 06 '22 16:09 gopherbot

Change https://go.dev/cl/428737 mentions this issue: [internal-branch.go1.19-vendor] http2: handle server errors after sending GOAWAY

Sep 06 '22 16:09 gopherbot

Change https://go.dev/cl/429316 mentions this issue: [release-branch.go1.18] all: upgrade golang.org/x/net to v0.0.0-20220907013725-0a43f88f7ef0

Sep 07 '22 23:09 gopherbot