{"affected":[{"ecosystem_specific":{"binaries":[{"go1.23":"1.23.7-150000.1.24.1","go1.23-doc":"1.23.7-150000.1.24.1","go1.23-race":"1.23.7-150000.1.24.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP6","name":"go1.23","purl":"pkg:rpm/suse/go1.23&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.23.7-150000.1.24.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.23":"1.23.7-150000.1.24.1","go1.23-doc":"1.23.7-150000.1.24.1","go1.23-race":"1.23.7-150000.1.24.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"go1.23","purl":"pkg:rpm/opensuse/go1.23&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.23.7-150000.1.24.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for go1.23 fixes the following issues:\n\n  - CVE-2025-22870: golang.org/x/net/proxy, golang.org/x/net/http/httpproxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238572)\n\n  Other fixes:\n\n  - Updated go version to go1.23.7 (bsc#1229122):\n  * go#71985 go#71984 bsc#1238572 security: fix CVE-2025-22870 net/http, x/net/proxy, x/net/http/httpproxy: proxy bypass using IPv6 zone IDs\n  * go#71727 runtime: usleep computes wrong tv_nsec on s390x\n  * go#71839 runtime: recover added in range-over-func loop body doesn't stop panic propagation / segfaults printing error\n  * go#71848 os: spurious SIGCHILD on running child process\n  * go#71875 reflect: Value.Seq panicking on functional iterator methods\n  * go#71915 reflect: Value.Seq iteration value types not matching the type of given int types\n  * go#71962 runtime/cgo: does not build with -Wdeclaration-after-statement\n","id":"SUSE-SU-2025:0803-1","modified":"2025-03-06T14:05:44Z","published":"2025-03-06T14:05:44Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20250803-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1229122"},{"type":"REPORT","url":"https://bugzilla.suse.com/1238572"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22870"}],"related":["CVE-2025-22870"],"summary":"Security update for go1.23","upstream":["CVE-2025-22870"]}