Ah, xzutils issue is CVE-2024-3094, so hopefully unrelated.
On March 31, 2024 4:27:45 a.m. PDT, Russtopia! wrote:
>xz backdoor? Someone independently stumbled on it so do we all need to
>distrust our Go binaries until this is released? Embargo on this CVE may have
>been (accidentally) busted.
>
xz backdoor? Someone independently stumbled on it so do we all need to distrust
our Go binaries until this is released? Embargo on this CVE may have been
(accidentally) busted.
https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b
On March 29, 2024 2:40:07 p.m. PDT, annou...@go
Hello gophers,
We plan to issue Go 1.22.2 and Go 1.21.9 during US business hours on Wednesday,
April 3.
These minor releases include PRIVATE security fixes to the standard library,
covering the following CVE:
- CVE-2023-45288
Following our security policy, this is the pre-announcement o
