Giters

pingcap / tidb

TiDB is an open-source, cloud-native, distributed, MySQL-Compatible database for elastic scale and real-time analytics. Try AI-powered Chat2Query free at : https://www.pingcap.com/tidb-serverless/

Home Page:https://pingcap.com

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

upgrade go 1.21.10

hawkingrei opened this issue · comments

commented

Enhancement

These minor releases include 2 security fixes following the security policy:

cmd/go: arbitrary code execution during build on darwin

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

Thanks to Juho Forsén of Mattermost for reporting this issue.

This is CVE-2024-24787 and Go issue https://go.dev/issue/67119.

net: malformed DNS message can cause infinite loop

A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

Thanks to @long-name-let-people-remember-you on GitHub for reporting this issue, and to Mateusz Poliwczak for bringing the issue to our attention.

This is CVE-2024-24788 and Go issue https://go.dev/issue/66754.