Branch p11 update bulletin.

Package docs-alt-workstation updated to version 11.0-alt5 for branch p11 in task 386784.

Исправить опечатки в документации docs-alt-workstation

Package golang updated to version 1.24.5-alt1 for branch p11 in task 389338.

Published: 2025-07-29
Modified: 2025-11-04

CVE-2025-4674

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial). Modules which are retrieved using the go command line, i.e. via "go get", are not affected.

Severity: HIGH (8.6) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

https://go.dev/cl/686515
https://go.dev/issue/74380
https://groups.google.com/g/golang-announce/c/gTNJnDXmn34
https://pkg.go.dev/vuln/GO-2025-3828
http://www.openwall.com/lists/oss-security/2025/07/08/5

Version: 2.1.2

Branch p11 update on 2025-07-10

ALT-BU-2025-9115-1

ALT-PU-2025-7949-3

Closed bugs

Bug #54479

ALT-PU-2025-9099-2

Closed vulnerabilities

CVE-2025-4674