golang-1.7 (1.7.4-2+deb9u5) stretch-security; urgency=high
author Sylvain Beucler <beuc@debian.org>
Tue, 26 Apr 2022 17:32:45 +0000 (18:32 +0100)
committer Sylvain Beucler <beuc@debian.org>
Tue, 26 Apr 2022 17:32:45 +0000 (18:32 +0100)
commit ff1172b7d623a286e6b0da76fbbfcc0b32f8cf47
tree 101f96d048a2badfcbed881de648a7ba51eef461
parent 58431a76751d1c93469f501ba36a5a04259f100d
parent d6b414ba468748494c2a8dd4340e67b4a55b06c2
golang-1.7 (1.7.4-2+deb9u5) stretch-security; urgency=high

  * Non-maintainer upload by the LTS Security Team.
  * CVE-2022-23772: Rat.SetString in math/big has an overflow that can
    lead to Uncontrolled Memory Consumption.
  * CVE-2022-23806: Curve.IsOnCurve in crypto/elliptic can incorrectly
    return true in situations with a big.Int value that is not a valid
    field element.
  * CVE-2022-24921: regexp.Compile allows stack exhaustion via a deeply
    nested expression.

[dgit import unpatched golang-1.7 1.7.4-2+deb9u5]