ALT-BU-2021-4574-1
Branch sisyphus_riscv64 update bulletin.
Package rpm-build-tex updated to version 0.4.3-alt1 for branch sisyphus_riscv64.
Closed bugs
FTBFS: invalid Provides tag in rpm-build-tex
Package rust updated to version 1.57.0-alt0.2.rv64 for branch sisyphus_riscv64.
Closed bugs
cargo vendor is broken
Package golang updated to version 1.17.5-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-44716
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
- https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf
- https://groups.google.com/g/golang-announce/c/hcmEScgc00k
- https://groups.google.com/g/golang-announce/c/hcmEScgc00k
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update
- [debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update
- [debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update
- GLSA-202208-02
- GLSA-202208-02
- https://security.netapp.com/advisory/ntap-20220121-0002/
- https://security.netapp.com/advisory/ntap-20220121-0002/
Modified: 2024-11-21
CVE-2021-44717
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
- https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf
- https://groups.google.com/g/golang-announce/c/hcmEScgc00k
- https://groups.google.com/g/golang-announce/c/hcmEScgc00k
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update
- [debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update
- [debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update
- GLSA-202208-02
- GLSA-202208-02
Package imlib2 updated to version 1.7.5-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-12761
modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map.