Golang security: fix CVE-2025-47907 - Aurora Blog|java/go/python

This is a PRIVATE issue for CVE-2025-47907, tracked in http://b/428194174.

/cc @golang/security and @golang/release

Comment From: rolandshoemaker

@gopherbot please open backport issues.

Comment From: gopherbot

Backport issue(s) opened: #74832 (for 1.23), #74833 (for 1.24), #74834 for (1.25).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.

Comment From: rolandshoemaker

@gopherbot open a backport issue for Go 1.25.