Skip to content

Commit 4d78d74

Browse files
juliaogrisjuliaogris
committed
tools: Upgrade go
Upgrade go to 1.23.6 to fix vulnerability only listed on linux. Vulnerability #1: GO-2025-3447 Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec More info: https://pkg.go.dev/vuln/GO-2025-3447 Standard library Found in: crypto/internal/nistec@go1.23.5 Fixed in: crypto/internal/nistec@go1.23.6 Platforms: ppc64le Example traces found: #1: pkg/cli/runtime.go:89:21: cli.Platform.Cls calls exec.Command, which eventually calls nistec.P256Point.SetBytes We are not doing a full upgrade because the last one was just merged and I can't upgrade on mac without first fixing the rounding issue (chicken-egg).
1 parent 63ce1d4 commit 4d78d74

File tree

3 files changed

+2
-2
lines changed

3 files changed

+2
-2
lines changed

bin/.go-1.23.5.pkg renamed to bin/.go-1.23.6.pkg

File renamed without changes.

bin/go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
.go-1.23.5.pkg
1+
.go-1.23.6.pkg

bin/gofmt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
.go-1.23.5.pkg
1+
.go-1.23.6.pkg

0 commit comments

Comments
 (0)