MGASA-2025-0205

Source
https://advisories.mageia.org/MGASA-2025-0205.html
Import Source
https://advisories.mageia.org/MGASA-2025-0205.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2025-0205
Published
2025-07-11T18:52:28Z
Modified
2025-07-11T18:14:31Z
Summary
Updated golang packages fix security vulnerabilities
Details

Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code execution. Using the Go toolchain in directories fetched using various VCS tools (such as by directly cloning Git or Mercurial repositories) can cause the toolchain to execute unexpected commands if the directory contains metadata for multiple VCSs (such as a '.hg' directory in a Git repository). This is due to how the Go toolchain attempts to resolve which VCS is being used in order to embed build information in binaries and determine module versions.
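A pre-build check for the condition described above, as an added example that is not part of the advisory or of the Go project: it walks a checkout and reports every directory that holds metadata for more than one VCS. The function name and the marker list are assumptions; the advisory itself only names Git and Mercurial ('.hg').

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// vcsMarkers is an assumed marker list; the advisory names only Git and '.hg'.
var vcsMarkers = []string{".bzr", ".git", ".hg", ".svn"}

// MixedVCSDirs returns each directory under root that holds more than one
// VCS marker, mapped to the markers found in it.
func MixedVCSDirs(root string) (map[string][]string, error) {
	found := map[string][]string{}
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
		if err != nil || !d.IsDir() {
			return err // nil for regular files, the walk error otherwise
		}
		var hits []string
		for _, m := range vcsMarkers {
			if d.Name() == m && path != root {
				return filepath.SkipDir // do not descend into the metadata itself
			}
			// Lstat: a marker may be a directory or a plain file.
			if _, statErr := os.Lstat(filepath.Join(path, m)); statErr == nil {
				hits = append(hits, m)
			}
		}
		if len(hits) > 1 {
			found[path] = hits
		}
		return nil
	})
	return found, err
}

func main() {
	root := "."
	if len(os.Args) > 1 {
		root = os.Args[1]
	}
	dirs, err := MixedVCSDirs(root)
	for dir, hits := range dirs {
		fmt.Printf("%s: %v\n", dir, hits)
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, "walk error:", err)
		os.Exit(2)
	}
}
```

Run it against a freshly fetched tree before invoking the Go toolchain there; any reported directory deserves inspection first.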

Affected packages

Mageia:9 / golang

Package

Name
golang
Purl
pkg:rpm/mageia/golang?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.24.5-1.mga9

Ecosystem specific

{
    "section": "core"
}