From 696ed328fb79357e143e8086b2c716eb72c2b9b5 Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Wed, 8 May 2024 14:21:20 +0200 Subject: [PATCH] fix(security): CVE-2024-24788 malformed DNS message Refs: https://pkg.go.dev/vuln/GO-2024-2824 (cherry picked from commit f3045f0519e0b072dbc574372179267ebe175a79) --- go.mod | 2 +- release-notes/8.0.0/3671.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 release-notes/8.0.0/3671.md diff --git a/go.mod b/go.mod index 296840b0ae..bbf9dfdb8d 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module code.gitea.io/gitea -go 1.22.2 +go 1.22.3 require ( code.gitea.io/actions-proto-go v0.4.0 diff --git a/release-notes/8.0.0/3671.md b/release-notes/8.0.0/3671.md new file mode 100644 index 0000000000..4989ba310e --- /dev/null +++ b/release-notes/8.0.0/3671.md @@ -0,0 +1 @@ +CVE-2024-24788: a malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.