Back to golang-1.17 PTS page

Accepted golang-1.17 1.17.13-1 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted golang-1.17 1.17.13-1 (source) into unstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Wed, 10 Aug 2022 08:40:01 +0000
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Subject: Content-Transfer-Encoding:Content-Type:MIME-Version:To:Reply-To:From:Cc: Content-ID:Content-Description:In-Reply-To:References; bh=k5bLPwnru2MHTm5NMOZITPlw2JfhWLGWvEXGyHIp484=; b=UwdQEjAMt01tuFzZEJaA7TSfLc B5m0S/zjsVd7vi7Gyq6R3u6aKSV4pPf614q/54Rwx5f9H3D3NH5nuxgbOUQr/kVMZNSj63EJRbFTT WQNK48LfyR5jFWA1jREKssNjuFiridJ+J8x5BeA6Id3mMChT7GPAPUWmprPNODe/E0H7refDVu8lD 5/hIr9XH7gC4XvO/GgBgcyaCtIeT0ytO6TmC65AtJAchDLNDna2+ycvyXQJJ6hl9rv5dfNGac5/It 754L5NzA5HHokWKHyJPoVTR5xsg2BI3BfZUIlYJ5aW8CLoRoiRtyIdI5RpZDyXSnCm8n4vambsKph +u9ulinQ==;
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1oLhFx-000PEB-Ip@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 10 Aug 2022 01:26:17 -0600
Source: golang-1.17
Architecture: source
Version: 1.17.13-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org>
Changed-By: Anthony Fok <foka@debian.org>
Changes:
 golang-1.17 (1.17.13-1) unstable; urgency=medium
 .
   [ Shengjing Zhu ]
   * Update upstream signing key.
     Download from https://dl.google.com/dl/linux/linux_signing_key.pub
 .
   [ Anthony Fok ]
   * New upstream version 1.17.13
     - Security vulnerabilities fixed in 1.17.12:
       + CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding
                        header
       + CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions
       + CVE-2022-30630: io/fs: stack exhaustion in Glob
       + CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read
       + CVE-2022-30632: path/filepath: stack exhaustion in Glob
       + CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal
       + CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode
       + CVE-2022-32148: net/http: Improper exposure of client IP addresses
     - Security vulnerabilities fixed in 1.17.13:
       + CVE-2022-32189: math/big: index out of range in Float.GobDecode
   * Bump Standards-Version to 4.6.1 (no change)
Checksums-Sha1:
 55926a80f854120c9b5aa8dc7c9809d319fbedc3 2871 golang-1.17_1.17.13-1.dsc
 88e2bd59e440816155b9355a74185269b220453a 22206518 golang-1.17_1.17.13.orig.tar.gz
 025bfffcd518e5461ecd5a29e5b946549a31dffe 819 golang-1.17_1.17.13.orig.tar.gz.asc
 6db4b7025b3dcdaeca0aa467f3a10561cb28894a 41424 golang-1.17_1.17.13-1.debian.tar.xz
 48515f1e0a6c15356b384e15fec045213ef4c8e2 7085 golang-1.17_1.17.13-1_amd64.buildinfo
Checksums-Sha256:
 f95f15a092f37137a57af698e2b4df648c100a3b9eee1dce3525d29f40199e34 2871 golang-1.17_1.17.13-1.dsc
 a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd 22206518 golang-1.17_1.17.13.orig.tar.gz
 bb64ccde19f26f76031d05ff52e813d75970220be12f1aca61eddfe9f3b009f0 819 golang-1.17_1.17.13.orig.tar.gz.asc
 e32def5044704dd189fa46f155b3cf779c0eebd567f1d6495001458ad8c938e4 41424 golang-1.17_1.17.13-1.debian.tar.xz
 3e6445fb738ce936d9bf4d3fb169f55d62a686b21e5252a6bf7428eb7d830a78 7085 golang-1.17_1.17.13-1_amd64.buildinfo
Files:
 2484173425f7e070746a091cbb64b315 2871 golang optional golang-1.17_1.17.13-1.dsc
 4476707f05cf6915ec1173038dc357a9 22206518 golang optional golang-1.17_1.17.13.orig.tar.gz
 0bb492661061623ca6e46aad83a8d26c 819 golang optional golang-1.17_1.17.13.orig.tar.gz.asc
 f979fa3f26347c02f45013c6d6a58de1 41424 golang optional golang-1.17_1.17.13-1.debian.tar.xz
 069ba22ebebf5bbe57496b9a83879bd9 7085 golang optional golang-1.17_1.17.13-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEEFCQhsZrUqVmW+VBy6iUAtBLFms8FAmLzZNYQHGZva2FAZGVi
aWFuLm9yZwAKCRDqJQC0EsWaz45nD/48XTvzliUx7mLSVLtjQF+dF6RMTt0h15SF
JXiwHqwAIKcAJismhfyanhbbzIZGZKQGJh1QXCHuOke/xnKtbq8xAIoVG+aA4Z5C
k6gKhAwgCFeHiyLs2/xEFHEBxAgrdkuXPTLt2AW5WTUy1j1CbJwCg7hDwr/FA+UN
m0qCc5mKv+A0TEDR8NB5D7wysDNWc6UTpoG1e5U/6Fh0y17wppjED/so7teKwR+h
DaL4cFVn+vIx/7v5QqzMcHZOjyd4VdUZlhdipsWik9nOYIHFujs6wlmwlbxYc+Wf
t1xvikRLuMHVVMYxg9ue9gYtG4G/yGDztI7Ua57wWd2gnviZ8c4v/F8xH4TRqcK6
vM8AhI9NmAuQrR5wwZhmjIiE4nNUoRXy//QfEsqbbwpzeDBm4Bxc0Jn6NXWKCIid
SMWfKZud8vB/+end4PszFvVAWjvO4L1q1A/0Rug2CYrLKg/5EelDAHd4OFYdM3Em
0qRQm9ck4bj2b43K3RdoLCRmaccHs7nIR2mXRWvGBUBIHcw4NAHRhZYqEYCGPYCM
5HBuf+5ylw368omABhJ8ZaCY4vWHB2Rz9kP6XuZczTna98/jdadApUvUI/DfLDj0
0pRBAztKHqIwAVFemWSrRulrpmt0K28YQWh6sP+z0qOienZtFJb+dyAP880l6EUp
uypRPiwzJw==
=rTid
-----END PGP SIGNATURE-----