Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Bump golang from 1.23.5 to 1.23.6 to fix CVE-2025-22866 #1800

Merged
merged 1 commit into from
Feb 10, 2025
Merged

Bump golang from 1.23.5 to 1.23.6 to fix CVE-2025-22866 #1800

merged 1 commit into from
Feb 10, 2025

Conversation

masap
Copy link
Contributor

@masap masap commented Feb 7, 2025

This is the scan result of Trivy.

usr/local/bin/kube-bench (gobinary)
===================================
Total: 1 (UNKNOWN: 1, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬──────────────────────────────┬────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │        Fixed Version         │                   Title                    │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼──────────────────────────────┼────────────────────────────────────────────┤
│ stdlib  │ CVE-2025-22866 │ UNKNOWN  │ fixed  │ 1.23.5            │ 1.22.12, 1.23.6, 1.24.0-rc.3 │ Timing sidechannel for P-256 on ppc64le in │
│         │                │          │        │                   │                              │ crypto/internal/nistec                     │
│         │                │          │        │                   │                              │ https://avd.aquasec.com/nvd/cve-2025-22866 │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴──────────────────────────────┴────────────────────────────────────────────┘

@masap
Bump golang from 1.23.5 to 1.23.6 to fix CVE-2025-22866
918aa4c 
This is the scan result of Trivy.

usr/local/bin/kube-bench (gobinary)
===================================
Total: 1 (UNKNOWN: 1, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬──────────────────────────────┬────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │        Fixed Version         │                   Title                    │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼──────────────────────────────┼────────────────────────────────────────────┤
│ stdlib  │ CVE-2025-22866 │ UNKNOWN  │ fixed  │ 1.23.5            │ 1.22.12, 1.23.6, 1.24.0-rc.3 │ Timing sidechannel for P-256 on ppc64le in │
│         │                │          │        │                   │                              │ crypto/internal/nistec                     │
│         │                │          │        │                   │                              │ https://avd.aquasec.com/nvd/cve-2025-22866 │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴──────────────────────────────┴────────────────────────────────────────────┘

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
@masap masap force-pushed the fix-CVE-2025-22866 branch from 797175a to 918aa4c Compare February 7, 2025 08:02
@masap masap changed the title Bump golang from 1.23.4 to 1.23.5 to fix CVE-2025-22866 Bump golang from 1.23.5 to 1.23.6 to fix CVE-2025-22866 Feb 7, 2025
afdesk
afdesk approved these changes Feb 10, 2025
View reviewed changes
Copy link
Collaborator

@afdesk afdesk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! @masap thanks for your contribution!

@afdesk afdesk merged commit fcb6517 into aquasecurity:main Feb 10, 2025
5 checks passed
@masap masap deleted the fix-CVE-2025-22866 branch February 10, 2025 06:40
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@afdesk afdesk

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@masap @afdesk