Accepted golang-1.17 1.17.13-1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted golang-1.17 1.17.13-1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 10 Aug 2022 08:40:01 +0000
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Subject: Content-Transfer-Encoding:Content-Type:MIME-Version:To:Reply-To:From:Cc: Content-ID:Content-Description:In-Reply-To:References; bh=k5bLPwnru2MHTm5NMOZITPlw2JfhWLGWvEXGyHIp484=; b=UwdQEjAMt01tuFzZEJaA7TSfLc B5m0S/zjsVd7vi7Gyq6R3u6aKSV4pPf614q/54Rwx5f9H3D3NH5nuxgbOUQr/kVMZNSj63EJRbFTT WQNK48LfyR5jFWA1jREKssNjuFiridJ+J8x5BeA6Id3mMChT7GPAPUWmprPNODe/E0H7refDVu8lD 5/hIr9XH7gC4XvO/GgBgcyaCtIeT0ytO6TmC65AtJAchDLNDna2+ycvyXQJJ6hl9rv5dfNGac5/It 754L5NzA5HHokWKHyJPoVTR5xsg2BI3BfZUIlYJ5aW8CLoRoiRtyIdI5RpZDyXSnCm8n4vambsKph +u9ulinQ==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1oLhFx-000PEB-Ip@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 10 Aug 2022 01:26:17 -0600
Source: golang-1.17
Architecture: source
Version: 1.17.13-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org>
Changed-By: Anthony Fok <foka@debian.org>
Changes:
golang-1.17 (1.17.13-1) unstable; urgency=medium
.
[ Shengjing Zhu ]
* Update upstream signing key.
Download from https://dl.google.com/dl/linux/linux_signing_key.pub
.
[ Anthony Fok ]
* New upstream version 1.17.13
- Security vulnerabilities fixed in 1.17.12:
+ CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding
header
+ CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions
+ CVE-2022-30630: io/fs: stack exhaustion in Glob
+ CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read
+ CVE-2022-30632: path/filepath: stack exhaustion in Glob
+ CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal
+ CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode
+ CVE-2022-32148: net/http: Improper exposure of client IP addresses
- Security vulnerabilities fixed in 1.17.13:
+ CVE-2022-32189: math/big: index out of range in Float.GobDecode
* Bump Standards-Version to 4.6.1 (no change)
Checksums-Sha1:
55926a80f854120c9b5aa8dc7c9809d319fbedc3 2871 golang-1.17_1.17.13-1.dsc
88e2bd59e440816155b9355a74185269b220453a 22206518 golang-1.17_1.17.13.orig.tar.gz
025bfffcd518e5461ecd5a29e5b946549a31dffe 819 golang-1.17_1.17.13.orig.tar.gz.asc
6db4b7025b3dcdaeca0aa467f3a10561cb28894a 41424 golang-1.17_1.17.13-1.debian.tar.xz
48515f1e0a6c15356b384e15fec045213ef4c8e2 7085 golang-1.17_1.17.13-1_amd64.buildinfo
Checksums-Sha256:
f95f15a092f37137a57af698e2b4df648c100a3b9eee1dce3525d29f40199e34 2871 golang-1.17_1.17.13-1.dsc
a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd 22206518 golang-1.17_1.17.13.orig.tar.gz
bb64ccde19f26f76031d05ff52e813d75970220be12f1aca61eddfe9f3b009f0 819 golang-1.17_1.17.13.orig.tar.gz.asc
e32def5044704dd189fa46f155b3cf779c0eebd567f1d6495001458ad8c938e4 41424 golang-1.17_1.17.13-1.debian.tar.xz
3e6445fb738ce936d9bf4d3fb169f55d62a686b21e5252a6bf7428eb7d830a78 7085 golang-1.17_1.17.13-1_amd64.buildinfo
Files:
2484173425f7e070746a091cbb64b315 2871 golang optional golang-1.17_1.17.13-1.dsc
4476707f05cf6915ec1173038dc357a9 22206518 golang optional golang-1.17_1.17.13.orig.tar.gz
0bb492661061623ca6e46aad83a8d26c 819 golang optional golang-1.17_1.17.13.orig.tar.gz.asc
f979fa3f26347c02f45013c6d6a58de1 41424 golang optional golang-1.17_1.17.13-1.debian.tar.xz
069ba22ebebf5bbe57496b9a83879bd9 7085 golang optional golang-1.17_1.17.13-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCAAuFiEEFCQhsZrUqVmW+VBy6iUAtBLFms8FAmLzZNYQHGZva2FAZGVi
aWFuLm9yZwAKCRDqJQC0EsWaz45nD/48XTvzliUx7mLSVLtjQF+dF6RMTt0h15SF
JXiwHqwAIKcAJismhfyanhbbzIZGZKQGJh1QXCHuOke/xnKtbq8xAIoVG+aA4Z5C
k6gKhAwgCFeHiyLs2/xEFHEBxAgrdkuXPTLt2AW5WTUy1j1CbJwCg7hDwr/FA+UN
m0qCc5mKv+A0TEDR8NB5D7wysDNWc6UTpoG1e5U/6Fh0y17wppjED/so7teKwR+h
DaL4cFVn+vIx/7v5QqzMcHZOjyd4VdUZlhdipsWik9nOYIHFujs6wlmwlbxYc+Wf
t1xvikRLuMHVVMYxg9ue9gYtG4G/yGDztI7Ua57wWd2gnviZ8c4v/F8xH4TRqcK6
vM8AhI9NmAuQrR5wwZhmjIiE4nNUoRXy//QfEsqbbwpzeDBm4Bxc0Jn6NXWKCIid
SMWfKZud8vB/+end4PszFvVAWjvO4L1q1A/0Rug2CYrLKg/5EelDAHd4OFYdM3Em
0qRQm9ck4bj2b43K3RdoLCRmaccHs7nIR2mXRWvGBUBIHcw4NAHRhZYqEYCGPYCM
5HBuf+5ylw368omABhJ8ZaCY4vWHB2Rz9kP6XuZczTna98/jdadApUvUI/DfLDj0
0pRBAztKHqIwAVFemWSrRulrpmt0K28YQWh6sP+z0qOienZtFJb+dyAP880l6EUp
uypRPiwzJw==
=rTid
-----END PGP SIGNATURE-----