rebase: x/text: ParseAcceptLanguage takes a long time to parse complex tags #3439
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Madhu-1
previously approved these changes
Oct 17, 2022
|
@nixpanic commitlint is failing |
nixpanic
force-pushed
the
bug/CVE-2022-32149
branch
from
028661b
to
cb9bcc2
Compare
Madhu-1
approved these changes
Oct 17, 2022
Rakshith-R
approved these changes
Oct 17, 2022
nixpanic
force-pushed
the
bug/CVE-2022-32149
branch
from
cb9bcc2
to
eed61e6
Compare
nixpanic
added
ci/retry/e2e
|
@Mergifyio rebase |
✅ Branch has been successfully rebased |
Madhu-1
force-pushed
the
bug/CVE-2022-32149
branch
from
eed61e6
to
14e6337
Compare
|
/retest ci/centos/mini-e2e-helm/k8s-1.22 |
|
/retest ci/centos/k8s-e2e-external-storage/1.23 |
|
/retest ci/centos/upgrade-tests-cephfs |
|
@Mergifyio rebase |
✅ Branch has been successfully rebased |
Madhu-1
force-pushed
the
bug/CVE-2022-32149
branch
from
14e6337
to
dc59b45
Compare
|
@Mergifyio rebase |
A vulnerability was found in golang.org/x/text/language package which could cause a denial of service. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. Version v0.3.8 of golang.org/x/text fixes a vulnerability. See-also: https://go.dev/issue/56152 See-also: https://bugzilla.redhat.com/CVE-2022-32149 Signed-off-by: Niels de Vos <ndevos@redhat.com>
✅ Branch has been successfully rebased |
Madhu-1
force-pushed
the
bug/CVE-2022-32149
branch
from
dc59b45
to
00a6118
Compare
This was referenced Oct 18, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A vulnerability was found in golang.org/x/text/language package which could cause a denial of service. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse.
Version v0.3.8 of golang.org/x/text fixes a vulnerability.
See-also: https://go.dev/issue/56152
See-also: https://bugzilla.redhat.com/CVE-2022-32149
Show available bot commands
These commands are normally not required, but in case of issues, leave any of
the following bot commands in an otherwise empty comment in this PR:
/retest ci/centos/<job-name>: retest the<job-name>after unrelatedfailure (please report the failure too!)
/retest all: run this in case the CentOS CI failed to start/report any testprogress or results