On Fri, Apr 10, 2026 at 04:58:03AM +0200, Solar Designer wrote:
> On Wed, Apr 08, 2026 at 04:24:34PM -0700, Alan Coopersmith wrote:
> > https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU announces:
> > >We have just released Go versions 1.26.2 and 1.25.9, minor point releases.
> > >
> > >These releases include 10 security fixes following the security policy:
>
> This includes 2 issues in the compiler itself, which made some Go
> programs not memory safe: ...

I did not see any Linux distribution advisories for compiled Go programs
yet, but some projects using Go have released updates:

- https://rclone.org/changelog/#v1-73-4-2026-04-08
  Update to go 1.25.9 to fix multiple CVEs
- https://github.com/grafana/grafana/releases/tag/v12.4.3
  2026-04-14: Go: Update to 1.25.9

I looked at https://github.com/gopasspw/gopass and
https://github.com/restic/restic, but they have not yet issued updated
releases.

Perhaps the message did not spread wide enough. Or are many Go programs
just not affected?

Matthias
