security: fix CVE-2023-24540 [1.20 backport] #59814
Labels
Milestone
Comments
gopherbot
added
the
CherryPickCandidate
neild
added
Security
release-blocker
CherryPickApproved
|
Change https://go.dev/cl/491356 mentions this issue: |
|
Closed by merging 4a28cad to release-branch.go1.20. |
gopherbot
pushed a commit
that referenced
this issue
May 2, 2023
…cters Rather than just a small set. Character class as defined by \s [0]. Thanks to Juho Nurminen of Mattermost for reporting this. For #59721 Fixes #59814 Fixes CVE-2023-24540 [0] https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions/Character_Classes Change-Id: I56d4fa1ef08125b417106ee7dbfb5b0923b901ba Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1821459 Reviewed-by: Julie Qiu <julieqiu@google.com> Run-TryBot: Roland Shoemaker <bracewell@google.com> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1851493 TryBot-Result: Security TryBots <security-trybots@go-security-trybots.iam.gserviceaccount.com> Run-TryBot: Damien Neil <dneil@google.com> Reviewed-by: Roland Shoemaker <bracewell@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/491356 Run-TryBot: Carlos Amedee <carlos@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
bradfitz
pushed a commit
to tailscale/go
that referenced
this issue
May 25, 2023
…cters Rather than just a small set. Character class as defined by \s [0]. Thanks to Juho Nurminen of Mattermost for reporting this. For golang#59721 Fixes golang#59814 Fixes CVE-2023-24540 [0] https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions/Character_Classes Change-Id: I56d4fa1ef08125b417106ee7dbfb5b0923b901ba Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1821459 Reviewed-by: Julie Qiu <julieqiu@google.com> Run-TryBot: Roland Shoemaker <bracewell@google.com> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1851493 TryBot-Result: Security TryBots <security-trybots@go-security-trybots.iam.gserviceaccount.com> Run-TryBot: Damien Neil <dneil@google.com> Reviewed-by: Roland Shoemaker <bracewell@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/491356 Run-TryBot: Carlos Amedee <carlos@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
bradfitz
pushed a commit
to tailscale/go
that referenced
this issue
May 25, 2023
…cters Rather than just a small set. Character class as defined by \s [0]. Thanks to Juho Nurminen of Mattermost for reporting this. For golang#59721 Fixes golang#59814 Fixes CVE-2023-24540 [0] https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions/Character_Classes Change-Id: I56d4fa1ef08125b417106ee7dbfb5b0923b901ba Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1821459 Reviewed-by: Julie Qiu <julieqiu@google.com> Run-TryBot: Roland Shoemaker <bracewell@google.com> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1851493 TryBot-Result: Security TryBots <security-trybots@go-security-trybots.iam.gserviceaccount.com> Run-TryBot: Damien Neil <dneil@google.com> Reviewed-by: Roland Shoemaker <bracewell@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/491356 Run-TryBot: Carlos Amedee <carlos@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@neild requested issue #59721 to be considered for backport to the next 1.20 minor release.
The text was updated successfully, but these errors were encountered: