{"affected":[{"ecosystem_specific":{"binaries":[{"go1.20":"1.20.8-150000.1.23.1","go1.20-doc":"1.20.8-150000.1.23.1","go1.20-race":"1.20.8-150000.1.23.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP4","name":"go1.20","purl":"pkg:rpm/suse/go1.20&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.20.8-150000.1.23.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.20":"1.20.8-150000.1.23.1","go1.20-doc":"1.20.8-150000.1.23.1","go1.20-race":"1.20.8-150000.1.23.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP5","name":"go1.20","purl":"pkg:rpm/suse/go1.20&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.20.8-150000.1.23.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.20":"1.20.8-150000.1.23.1","go1.20-doc":"1.20.8-150000.1.23.1","go1.20-race":"1.20.8-150000.1.23.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"go1.20","purl":"pkg:rpm/opensuse/go1.20&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.20.8-150000.1.23.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.20":"1.20.8-150000.1.23.1","go1.20-doc":"1.20.8-150000.1.23.1","go1.20-race":"1.20.8-150000.1.23.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"go1.20","purl":"pkg:rpm/opensuse/go1.20&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.20.8-150000.1.23.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for go1.20 fixes the following issues:\n\nUpdate to go1.20.8 (bsc#1206346).\n\n- CVE-2023-39318: Fixed improper handling of HTML-like comments within script contexts in html/template (bsc#1215084).\n- CVE-2023-39319: Fixed improper handling of special tags within script contexts in html/template (bsc#1215085).\n\nThe following non-security bug was fixed:\n\n- Add missing directory pprof html asset directory to package (bsc#1215090).\n","id":"SUSE-SU-2023:3700-1","modified":"2023-09-20T09:17:33Z","published":"2023-09-20T09:17:33Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20233700-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206346"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215084"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215085"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215090"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-39318"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-39319"}],"related":["CVE-2023-39318","CVE-2023-39319"],"summary":"Security update for go1.20","upstream":["CVE-2023-39318","CVE-2023-39319"]}