[Deepin Integration]~[v25-Release] fix: CVE-2026-34986 panic on KeyUnwrap of too-short slice by deepin-ci-robot@deepin-community/golang-gopkg-square-go-jose.v2 by deepin-community-ci-bot[bot]

### Package information | 软件包信息

包名 | 版本
--  | --
golang-gopkg-square-go-jose.v2 | [2.6.0-2deepin1](https://github.com/deepin-community/golang-gopkg-square-go-jose.v2/commit/efb4900bf26f60c54eca9ff141c2b6dab9d92938)

### Package repository address | 软件包仓库地址

    deb [trusted=yes] https://ci.deepin.com/repo/obs/deepin:/CI:/TestingIntegration:/test-integration-pr-4041/testing/ ./

### Changelog | 更新信息

#### golang-gopkg-square-go-jose.v2 (2.6.0-2deepin1) unstable; urgency=medium

  * Fix CVE-2026-34986: panic on KeyUnwrap of too-short slice
    Backport fix from go-jose/go-jose v3.0.5 to add length validation
    in KeyUnwrap and nil recipient checks in decryptKey functions.




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Deepin Integration]~[v25-Release] fix: CVE-2026-34986 panic on KeyUnwrap of too-short slice by deepin-ci-robot@deepin-community/golang-gopkg-square-go-jose.v2 by deepin-community-ci-bot[bot] #13300

Package information | 软件包信息

Package repository address | 软件包仓库地址

Changelog | 更新信息

golang-gopkg-square-go-jose.v2 (2.6.0-2deepin1) unstable; urgency=medium

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

[Deepin Integration]~[v25-Release] fix: CVE-2026-34986 panic on KeyUnwrap of too-short slice by deepin-ci-robot@deepin-community/golang-gopkg-square-go-jose.v2 by deepin-community-ci-bot[bot] #13300

Description

Package information | 软件包信息

Package repository address | 软件包仓库地址

Changelog | 更新信息

golang-gopkg-square-go-jose.v2 (2.6.0-2deepin1) unstable; urgency=medium

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions