git.openwrt.org Git - feed/packages.git/commit

author	Jeffery To <jeffery.to@gmail.com>
	Mon, 18 Jul 2022 09:35:11 +0000 (17:35 +0800)
committer	Jeffery To <jeffery.to@gmail.com>
	Mon, 18 Jul 2022 09:35:11 +0000 (17:35 +0800)
commit	60168651a2c7279a4a169be6b3d61be57e871e55
tree	194c98a65c96eccc0d9a191419c0170ca0577e88	tree \| snapshot
parent	c1cf3ae19bb97a8f4c6131f55c115b45caec4fc0	commit \| diff

golang: Update to 1.18.4

Includes fixes for:

* CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding
header
* CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions
* CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip
* CVE-2022-30630: io/fs: stack exhaustion in Glob
* CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read
* CVE-2022-30632: path/filepath: stack exhaustion in Glob
* CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal
* CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode
* CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit
X-Forwarded-For not working

Signed-off-by: Jeffery To <jeffery.to@gmail.com>