xz backdoor? Someone independently stumbled on it so do we all need to distrust our Go binaries until this is released? Embargo on this CVE may have been (accidentally) busted.
https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b On March 29, 2024 2:40:07 p.m. PDT, annou...@golang.org wrote: >Hello gophers, > >We plan to issue Go 1.22.2 and Go 1.21.9 during US business hours on >Wednesday, April 3. > >These minor releases include PRIVATE security fixes to the standard library, >covering the following CVE: > >- CVE-2023-45288 > >Following our security policy, this is the pre-announcement of those releases. > >Thanks, >Than and Dmitri for the Go team > >-- >You received this message because you are subscribed to the Google Groups >"golang-nuts" group. >To unsubscribe from this group and stop receiving emails from it, send an >email to golang-nuts+unsubscr...@googlegroups.com. >To view this discussion on the web visit >https://groups.google.com/d/msgid/golang-nuts/aALo8CEjSde7JcBYKiKpaQ%40geopod-ismtpd-4. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/C0B7DDD0-0436-4684-8688-7D9EABE53265%40gmail.com.
