{"affected":[{"ecosystem_specific":{"binaries":[{"go1.17":"1.17.5-1.14.2","go1.17-doc":"1.17.5-1.14.2","go1.17-race":"1.17.5-1.14.2"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"go1.17","purl":"pkg:rpm/opensuse/go1.17&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.17.5-1.14.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for go1.17 fixes the following issues:\n\nUpdated to upstream version 1.17.5 to include fixes to the compiler, linker,\nsyscall, runtime, the net/http, go/types, and time packages (bsc#1190649)\n\n- CVE-2021-44717: syscall: don't close fd 0 on ForkExec error (bsc#1193598).\n- CVE-2021-44716: net/http: limit growth of header canonicalization cache (bsc#1193597).\n","id":"openSUSE-SU-2021:4186-1","modified":"2021-12-23T11:35:57Z","published":"2021-12-23T11:35:57Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LSVRDOAVYBVEWAKYWYYNOIQSYE4FHHAJ/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190649"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193597"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193598"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-44716"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-44717"}],"related":["CVE-2021-44716","CVE-2021-44717"],"summary":"Security update for go1.17","upstream":["CVE-2021-44716","CVE-2021-44717"]}