---
- branch: MAIN
  date: Sat Jul 15 10:40:37 UTC 2023
  files:
  - new: '1.183'
    old: '1.182'
    path: pkgsrc/lang/go/version.mk
    pathrev: pkgsrc/lang/go/version.mk@1.183
    type: modified
  - new: '1.7'
    old: '1.6'
    path: pkgsrc/lang/go120/PLIST
    pathrev: pkgsrc/lang/go120/PLIST@1.7
    type: modified
  - new: '1.7'
    old: '1.6'
    path: pkgsrc/lang/go120/distinfo
    pathrev: pkgsrc/lang/go120/distinfo@1.7
    type: modified
  id: 20230715T104037Z.9cb0c7408a1c6a6ffaa54a1b475f9c54877b67f0
  log: |
    go120: update to 1.20.6 (security)

    This minor release includes 1 security fix following the security policy:

    net/http: insufficient sanitization of Host header

    The HTTP/1 client did not fully validate the contents of the Host header. A
    maliciously crafted Host header could inject additional headers or entire
    requests. The HTTP/1 client now refuses to send requests containing an invalid
    Request.Host or Request.URL.Host value.

    Thanks to Bartek Nowotarski for reporting this issue.

    Includes security fixes for CVE-2023-29406 and Go issue
    https://go.dev/issue/60374
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/lang'
  unixtime: '1689417637'
  user: bsiegert