rebase: ParseAcceptLanguage takes a long time to parse complex tags

A vulnerability was found in golang.org/x/text/language package which could cause a denial of service. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. Version v0.3.8 of golang.org/x/text fixes a vulnerability. See-also: https://go.dev/issue/56152 See-also: https://bugzilla.redhat.com/CVE-2022-32149 Signed-off-by: Niels de Vos <ndevos@redhat.com>
2025-06-14 10:53:34 +00:00 · 2022-10-17 08:49:59 +02:00
parent b3837d44ce
commit e08005f402
27 changed files with 667 additions and 583 deletions
--- a/vendor/golang.org/x/text/encoding/internal/identifier/mib.go
+++ b/vendor/golang.org/x/text/encoding/internal/identifier/mib.go
@ -905,6 +905,14 @@ const (
 	// https://www.unicode.org/notes/tn6/
 	BOCU1 MIB = 1020

+	// UTF7IMAP is the MIB identifier with IANA name UTF-7-IMAP.
+	//
+	// Note: This charset is used to encode Unicode in IMAP mailbox names;
+	// see section 5.1.3 of rfc3501 . It should never be used
+	// outside this context. A name has been assigned so that charset processing
+	// implementations can refer to it in a consistent way.
+	UTF7IMAP MIB = 1021
+
 	// Windows30Latin1 is the MIB identifier with IANA name ISO-8859-1-Windows-3.0-Latin-1.
 	//
 	// Extended ISO 8859-1 Latin-1 for Windows 3.0.