Fix CVE-2024-45341

microsoft · Feb 4, 2025 · c5977fb · c5977fb
1 parent 51a4379
commit c5977fb
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/SPECS/golang/golang-1.18.spec b/SPECS/golang/golang-1.18.spec
@@ -13,7 +13,7 @@
 Summary:        Go
 Name:           golang
 Version:        1.18.8
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        BSD-3-Clause
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -25,7 +25,8 @@ Patch0:         go14_bootstrap_aarch64.patch
 # CVE-2022-41717 is fixed in 1.18.9
 Patch1:         CVE-2022-41717.patch
 # CVE-2024-24790 is fixed in 1.18.8
-Patch2:		CVE-2024-24790.patch
+Patch2:         CVE-2024-24790.patch
+Patch3:         CVE-2024-45341.patch
 Obsoletes:      %{name} < %{version}
 Provides:       %{name} = %{version}
 Provides:       go = %{version}-%{release}
@@ -44,6 +45,7 @@ mv -v go go-bootstrap
 %setup -q -n go
 patch -Np1 --ignore-whitespace < %{PATCH1}
 patch -Np1 --ignore-whitespace < %{PATCH2}
+patch -Np1 --ignore-whitespace < %{PATCH3}
 %build
 # Build go 1.4 bootstrap
 pushd %{_topdir}/BUILD/go-bootstrap/src
@@ -123,7 +125,10 @@ fi
 %{_bindir}/*
 
 %changelog
-* Mon July 29 2024 Bhagyashri Pathak [email protected] - 1.18.8.4
+* Tue Feb 04 2025 Kanishk bansal <[email protected]> - 1.18.8-5
+- Address CVE-2024-45341 using an upstream patch.
+
+* Mon July 29 2024 Bhagyashri Pathak [email protected] - 1.18.8-4
 - Patch CVE-2024-24790
 
 * Mon Jan 23 2022 Nicolas Guibourge <[email protected]> - 1.18.8-3