package/go: security bump to version 1.19.8

go1.19.8 (released 2023-04-04) includes security fixes to the go/parser, html/template, mime/multipart, net/http, and net/textproto packages, as well as bug fixes to the compiler, the linker, the runtime, and the time package. Fixes security vulnerabilities: go/parser: infinite loop in parsing (CVE-2023-24537) html/template: backticks not treated as string delimiters (CVE-2023-24538) net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534) net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536) https://go.dev/doc/devel/release#go1.19.8 https://github.com/golang/go/issues?q=milestone%3AGo1.19.8+label%3ACherryPickApproved Signed-off-by: Christian Stewart <christian@paral.in> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-11-23 13:33:28 +08:00 · 2023-04-04 12:08:07 -07:00 · 2023-04-04 12:08:07 -07:00 · b7eaa9af7b
commit b7eaa9af7b
parent 7e763381b7
2 changed files with 2 additions and 2 deletions
--- a/package/go/go.hash
+++ b/package/go/go.hash
@ -1,3 +1,3 @@
 # From https://go.dev/dl
-sha256  775bdf285ceaba940da8a2fe20122500efd7a0b65dbcee85247854a8d7402633  go1.19.7.src.tar.gz
+sha256  1d7a67929dccafeaf8a29e55985bc2b789e0499cb1a17100039f084e3238da2f  go1.19.8.src.tar.gz
 sha256  2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067  LICENSE
--- a/package/go/go.mk
+++ b/package/go/go.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-GO_VERSION = 1.19.7
+GO_VERSION = 1.19.8
 GO_SITE = https://storage.googleapis.com/golang
 GO_SOURCE = go$(GO_VERSION).src.tar.gz