summaryrefslogtreecommitdiff
path: root/gnu
diff options
context:
space:
mode:
authorSharlatan Hellseher <sharlatanus@gmail.com>2026-05-15 13:52:01 +0100
committerSharlatan Hellseher <sharlatanus@gmail.com>2026-05-17 13:40:35 +0100
commitc1fbc5d4e26439ce304bf4ea854d879ced06f6ee (patch)
tree10f9415b31bbc68866b25536a5ec658b9f851e52 /gnu
parent556cb3ca417b2fac85c6cc9ecdd494c7a349981b (diff)
gnu: go-1.26: Update to 1.26.3 [security-fixes].
go1.26.3 (released 2026-05-07) includes security fixes to the go command, the pack tool, and the html/template, net, net/http, net/http/httputil, net/mail, and syscall packages, as well as bug fixes to the go command, the go fix command, the compiler, the linker, the runtime, and the crypto/fips140, crypto/tls, go/types, and os packages See: <https://github.com/golang/go/milestone/433>, <https://groups.google.com/g/golang-announce/c/qcCIEXso47M>. Containes fixes for: CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum database CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with more than urlmaxqueryparams parameters CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte on Windows CVE-2026-42499: net/mail: quadratic string concatenation in consumePhrase CVE-2026-39820: net/mail: quadratic string concatentation in consumeComment CVE-2026-39819: cmd/go: "go bug" follows symlinks in predictable temporary filenames CVE-2026-39817: cmd/go: "go tool pack" does not sanitize output paths CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE CVE-2026-39826: html/template: escaper bypass leads to XSS CVE-2026-33811: net: crash when handling long CNAME response CVE-2026-39823: html/template: bypass of meta content URL escaping causes XSS * gnu/packages/golang.scm (go-1.26): Update to 1.26.3. Change-Id: Ia1a51eff549c90918e32af4834c03b675504a231
Diffstat (limited to 'gnu')
-rw-r--r--gnu/packages/golang.scm4
1 files changed, 2 insertions, 2 deletions
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 812fee70b1..a3238b4c55 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -1120,7 +1120,7 @@ in the style of communicating sequential processes (@dfn{CSP}).")
(package
(inherit go-1.24)
(name "go")
- (version "1.26.2")
+ (version "1.26.3")
(source
(origin
(method git-fetch)
@@ -1129,7 +1129,7 @@ in the style of communicating sequential processes (@dfn{CSP}).")
(commit (string-append "go" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "01dgshhn38dgxmbn02knnvddirmkwgvr3v003dml5q87qibzvg30"))))
+ (base32 "16yrb9si7swc6vnxjj5ga5pvyjkab5w8z589fqml61q0rypnn6ay"))))
(arguments
(substitute-keyword-arguments arguments
((#:phases phases)