mirror of https://github.com/docker/cli.git
3bf39d25a0
- https://github.com/golang/go/issues?q=milestone%3AGo1.22.7+label%3ACherryPickApproved - full diff: https://github.com/golang/go/compare/go1.22.6...go1.22.7 These minor releases include 3 security fixes following the security policy: - go/parser: stack exhaustion in all Parse* functions Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. This is CVE-2024-34155 and Go issue https://go.dev/issue/69138. - encoding/gob: stack exhaustion in Decoder.Decode Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Thanks to Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu) for reporting this issue. This is CVE-2024-34156 and Go issue https://go.dev/issue/69139. - go/build/constraint: stack exhaustion in Parse Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. This is CVE-2024-34158 and Go issue https://go.dev/issue/69141. View the release notes for more information: https://go.dev/doc/devel/release#go1.23.1 Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com> |
||
|---|---|---|
| .. | ||
| cli-plugins | ||
| container | ||
| context | ||
| global | ||
| image | ||
| internal/fixtures | ||
| plugin | ||
| registry | ||
| stack | ||
| system | ||
| testdata | ||
| testutils | ||
| trust | ||
| compose-env.connhelper-ssh.yaml | ||
| compose-env.experimental.yaml | ||
| compose-env.yaml | ||