{"affected":[{"ecosystem_specific":{"binaries":[{"go1.15":"1.15.14-1.36.1","go1.15-doc":"1.15.14-1.36.1","go1.15-race":"1.15.14-1.36.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"go1.15","purl":"pkg:rpm/opensuse/go1.15&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.15.14-1.36.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for go1.15 fixes the following issues:\n\n- go1.15.14 (released 2021-07-12) includes a security fix to the\n  crypto/tls package, as well as bug fixes to the linker, and the\n  net package.\n  CVE-2021-34558\n  Refs bsc#1175132 go1.15 release tracking\n  * bsc#1188229 go#47143 CVE-2021-34558\n  * go#47144 security: fix CVE-2021-34558\n  * go#47012 net: LookupMX behaviour broken\n  * go#46994 net: TestCVE202133195 fails if /etc/resolv.conf specifies ndots larger than 3\n  * go#46768 syscall: TestGroupCleanupUserNamespace test failure on Fedora\n  * go#46684 x/build/cmd/release: linux-armv6l release tests aren't passing\n  * go#46656 runtime: deeply nested struct initialized with non-zero values\n\n- Fix extraneous trailing percent character %endif% in spec file.\n","id":"openSUSE-SU-2021:2398-1","modified":"2021-07-19T14:57:38Z","published":"2021-07-19T14:57:38Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OZJXXUXBI66VV2PXRNAWN4MCE3AOHNBA/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1175132"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188229"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-34558"}],"related":["CVE-2021-34558"],"summary":"Security update for go1.15","upstream":["CVE-2021-34558"]}