ALT Linux Team

Package golang update in sisyphus_loongarch64 on 2025-04-02

ALT-PU-2025-5123-1

Package golang updated to version 1.24.2-alt1 for branch sisyphus_loongarch64.

Closed vulnerabilities

Published: 2025-04-08
Modified: 2025-04-09

CVE-2025-22871

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top