Skip to content

vendor: golang.org/x/net@v0.23.0#5

Merged
corhere merged 1 commit intoMirantis:release-1.1-mfrom
corhere:bump-xnet-0.23
Apr 15, 2024
Merged

vendor: golang.org/x/net@v0.23.0#5
corhere merged 1 commit intoMirantis:release-1.1-mfrom
corhere:bump-xnet-0.23

Conversation

@corhere
Copy link
Copy Markdown

@corhere corhere commented Apr 5, 2024

Ostensibly resolves CVE-2023-45288 as reported by sysdig, although runc is not impacted. As demonstrated by the complete lack of change in the vendor/golang.org/x/net subtree and confirmed by govulncheck, the vulnerable code path is unreachable from runc.

$ go get golang.org/x/net@v0.23.0
go: upgraded golang.org/x/net v0.17.0 => v0.23.0
go: upgraded golang.org/x/sys v0.13.0 => v0.18.0

@corhere
vendor: golang.org/x/net@v0.23.0
311f033 
Ostensibly resolves CVE-2023-45288 as reported by sysdig, although runc
is not impacted. As demonstrated by the complete lack of change in the
vendor/golang.org/x/net subtree and confirmed by govulncheck, the
vulnerable code path is unreachable from runc.

    $ go get golang.org/x/net@v0.23.0
    go: upgraded golang.org/x/net v0.17.0 => v0.23.0
    go: upgraded golang.org/x/sys v0.13.0 => v0.18.0

Signed-off-by: Cory Snider <csnider@mirantis.com>
@corhere corhere requested a review from dperny April 5, 2024 14:55
@corhere corhere merged commit 691b127 into Mirantis:release-1.1-m Apr 15, 2024
@corhere corhere deleted the bump-xnet-0.23 branch April 15, 2024 16:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dperny dperny dperny approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@corhere @dperny