bypass-censorship/dnstt_exporter
4
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Update module golang.org/x/sys to v0.44.0 [SECURITY] #2

Closed
renovate wants to merge 1 commit from renovate/go-golang.org-x-sys-vulnerability into main
pull from: renovate/go-golang.org-x-sys-vulnerability
merge into: bypass-censorship:main
Conversation 2 Commits 1 Files changed 2 +4 -2
renovate commented 2026-05-25 13:28:38 +00:00
Owner
Copy link

This PR contains the following updates:

Package Change Age Confidence
golang.org/x/sys v0.38.0v0.44.0 age confidence

Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

CVE-2026-39824 / GO-2026-5024

More information

Details

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated string rather than an error.

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [golang.org/x/sys](https://pkg.go.dev/golang.org/x/sys) | [`v0.38.0` → `v0.44.0`](https://cs.opensource.google/go/x/sys/+/refs/tags/v0.38.0...refs/tags/v0.44.0) | ![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fsys/v0.44.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fsys/v0.38.0/v0.44.0?slim=true) | --- ### Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows [CVE-2026-39824](https://nvd.nist.gov/vuln/detail/CVE-2026-39824) / [GO-2026-5024](https://pkg.go.dev/vuln/GO-2026-5024) <details> <summary>More information</summary> #### Details NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated string rather than an error. #### Severity Unknown #### References - [https://go.dev/issue/78916](https://go.dev/issue/78916) - [https://go.dev/cl/770080](https://go.dev/cl/770080) - [https://groups.google.com/g/golang-announce/c/6MMI8Lj-Atg](https://groups.google.com/g/golang-announce/c/6MMI8Lj-Atg) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5024) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - "" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xODYuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE4Ni41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
renovate added 1 commit 2026-05-25 13:28:38 +00:00
Update module golang.org/x/sys to v0.44.0 [SECURITY]
Some checks failed
buildbot/nix-eval Build done.
Details
buildbot/nix-build gitea:bypass-censorship/dnstt_exporter#checks.x86_64-linux.tests Build done.
Details
buildbot/nix-build Build done.
Details
b140f45027
renovate commented 2026-05-25 13:28:38 +00:00
Author
Owner
Copy link

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.25 -> 1.25.0
### ℹ️ Artifact update notice ##### File name: go.mod In order to perform the update(s) described in the table above, Renovate ran the `go get` command, which resulted in the following additional change(s): - The `go` directive was updated for compatibility reasons Details: | **Package** | **Change** | | :---------- | :----------------- | | `go` | `1.25` -> `1.25.0` |
abel commented 2026-06-01 06:55:43 +00:00
Owner
Copy link

done in cd7c2753ae

done in https://guardianproject.dev/bypass-censorship/dnstt_exporter/commit/cd7c2753ae2d4fb91145f410ca0cff22f0d9f3ba
abel closed this pull request 2026-06-01 06:55:43 +00:00
Some checks failed
buildbot/nix-eval Build done.
Details
buildbot/nix-build gitea:bypass-censorship/dnstt_exporter#checks.x86_64-linux.tests Build done.
Details
buildbot/nix-build Build done.
Details

Pull request closed

This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: bypass-censorship/dnstt_exporter#2
No description provided.
Delete branch "renovate/go-golang.org-x-sys-vulnerability"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?