diff options
| author | Sharlatan Hellseher <sharlatanus@gmail.com> | 2026-05-15 13:52:01 +0100 |
|---|---|---|
| committer | Sharlatan Hellseher <sharlatanus@gmail.com> | 2026-05-17 13:40:35 +0100 |
| commit | c1fbc5d4e26439ce304bf4ea854d879ced06f6ee (patch) | |
| tree | 10f9415b31bbc68866b25536a5ec658b9f851e52 /gnu | |
| parent | 556cb3ca417b2fac85c6cc9ecdd494c7a349981b (diff) | |
gnu: go-1.26: Update to 1.26.3 [security-fixes].
go1.26.3 (released 2026-05-07) includes security fixes to the go
command, the pack tool, and the html/template, net, net/http,
net/http/httputil, net/mail, and syscall packages, as well as bug fixes
to the go command, the go fix command, the compiler, the linker, the
runtime, and the crypto/fips140, crypto/tls, go/types, and os packages
See: <https://github.com/golang/go/milestone/433>,
<https://groups.google.com/g/golang-announce/c/qcCIEXso47M>.
Containes fixes for:
CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum
database
CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with
more than urlmaxqueryparams parameters
CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte
on Windows
CVE-2026-42499: net/mail: quadratic string concatenation in
consumePhrase
CVE-2026-39820: net/mail: quadratic string concatentation in
consumeComment
CVE-2026-39819: cmd/go: "go bug" follows symlinks in predictable
temporary filenames
CVE-2026-39817: cmd/go: "go tool pack" does not sanitize output paths
CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given
bad SETTINGS_MAX_FRAME_SIZE
CVE-2026-39826: html/template: escaper bypass leads to XSS
CVE-2026-33811: net: crash when handling long CNAME response
CVE-2026-39823: html/template: bypass of meta content URL escaping
causes XSS
* gnu/packages/golang.scm (go-1.26): Update to 1.26.3.
Change-Id: Ia1a51eff549c90918e32af4834c03b675504a231
Diffstat (limited to 'gnu')
| -rw-r--r-- | gnu/packages/golang.scm | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 812fee70b1..a3238b4c55 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm @@ -1120,7 +1120,7 @@ in the style of communicating sequential processes (@dfn{CSP}).") (package (inherit go-1.24) (name "go") - (version "1.26.2") + (version "1.26.3") (source (origin (method git-fetch) @@ -1129,7 +1129,7 @@ in the style of communicating sequential processes (@dfn{CSP}).") (commit (string-append "go" version)))) (file-name (git-file-name name version)) (sha256 - (base32 "01dgshhn38dgxmbn02knnvddirmkwgvr3v003dml5q87qibzvg30")))) + (base32 "16yrb9si7swc6vnxjj5ga5pvyjkab5w8z589fqml61q0rypnn6ay")))) (arguments (substitute-keyword-arguments arguments ((#:phases phases) |
