{"affected":[{"ecosystem_specific":{"binaries":[{"go1.20":"1.20.12-150000.1.35.1","go1.20-doc":"1.20.12-150000.1.35.1","go1.20-race":"1.20.12-150000.1.35.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP4","name":"go1.20","purl":"pkg:rpm/suse/go1.20&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.20.12-150000.1.35.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.20":"1.20.12-150000.1.35.1","go1.20-doc":"1.20.12-150000.1.35.1","go1.20-race":"1.20.12-150000.1.35.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP5","name":"go1.20","purl":"pkg:rpm/suse/go1.20&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.20.12-150000.1.35.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.20":"1.20.12-150000.1.35.1","go1.20-doc":"1.20.12-150000.1.35.1","go1.20-race":"1.20.12-150000.1.35.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"go1.20","purl":"pkg:rpm/opensuse/go1.20&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.20.12-150000.1.35.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.20":"1.20.12-150000.1.35.1","go1.20-doc":"1.20.12-150000.1.35.1","go1.20-race":"1.20.12-150000.1.35.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"go1.20","purl":"pkg:rpm/opensuse/go1.20&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.20.12-150000.1.35.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for go1.20 fixes the following issues:\n\nUpdate to go1.20.12:\n\n- CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834).\n- CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943).\n- CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833).\n- cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents\n- cmd/go: TestScript/mod_get_direct fails with 'Filename too long' on Windows\n","id":"SUSE-SU-2023:4708-1","modified":"2023-12-11T09:44:44Z","published":"2023-12-11T09:44:44Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20234708-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206346"},{"type":"REPORT","url":"https://bugzilla.suse.com/1216943"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217833"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217834"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-39326"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-45284"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-45285"}],"related":["CVE-2023-39326","CVE-2023-45284","CVE-2023-45285"],"summary":"Security update for go1.20","upstream":["CVE-2023-39326","CVE-2023-45284","CVE-2023-45285"]}