The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers. https://github.com/golang/go/issues/65083
Created golang tracking bugs for this issue: Affects: epel-all [bug 2268251] Affects: fedora-all [bug 2268250]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2562 https://access.redhat.com/errata/RHSA-2024:2562
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:3259 https://access.redhat.com/errata/RHSA-2024:3259
This issue has been addressed in the following products: Red Hat Openshift distributed tracing 3.2 Via RHSA-2024:3621 https://access.redhat.com/errata/RHSA-2024:3621
This issue has been addressed in the following products: OADP-1.3-RHEL-9 Via RHSA-2024:3790 https://access.redhat.com/errata/RHSA-2024:3790
This issue has been addressed in the following products: Openshift Serverless 1 on RHEL 8 Via RHSA-2024:4023 https://access.redhat.com/errata/RHSA-2024:4023
This issue has been addressed in the following products: RHOSS-1.33-RHEL-8 Via RHSA-2024:4028 https://access.redhat.com/errata/RHSA-2024:4028
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:0041 https://access.redhat.com/errata/RHSA-2024:0041
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:0045 https://access.redhat.com/errata/RHSA-2024:0045
This issue has been addressed in the following products: RODOO-1.1-RHEL-9 Via RHSA-2024:1616 https://access.redhat.com/errata/RHSA-2024:1616
This issue has been addressed in the following products: OSSO-1.3-RHEL-9 Via RHSA-2024:3637 https://access.redhat.com/errata/RHSA-2024:3637
This issue has been addressed in the following products: KDO-5.0-RHEL-9 Via RHSA-2024:3617 https://access.redhat.com/errata/RHSA-2024:3617
This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.7 Via RHSA-2024:4520 https://access.redhat.com/errata/RHSA-2024:4520
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:5258 https://access.redhat.com/errata/RHSA-2024:5258
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:6969 https://access.redhat.com/errata/RHSA-2024:6969
This issue has been addressed in the following products: Red Hat OpenStack Services on OpenShift PODIFIED 1.0 Via RHSA-2024:9485 https://access.redhat.com/errata/RHSA-2024:9485
This issue has been addressed in the following products: Red Hat Ceph Storage 8.1 Via RHSA-2025:9775 https://access.redhat.com/errata/RHSA-2025:9775
The issue with ParseAddressList is that it mishandles comments (text in parentheses) inside display names, which makes its behavior diverge from conforming address parsers. This inconsistency can be problematic because different programs may interpret the same address string differently, leading to mismatched trust decisions or security checks. In practice, it means one parser might accept or trust an address while another rejects or flags it, creating potential vulnerabilities or confusion in systems that rely on consistent parsing. https://www.greensky-online.com