Accepted golang-1.18 1.18.8-1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted golang-1.18 1.18.8-1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 09 Nov 2022 19:35:21 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: golang-1.18_1.18.8-1_source.changes
- Debian-source: golang-1.18
- Debian-suite: unstable
- Debian-version: 1.18.8-1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=1gyKROYbMG8bH/U4bsBu2ElB2KHCiPtGGp0ade4gElU=; b=ad8hogr6JKU25emHLNDgwErQoh 619CqkE8F/MJ8oHDdwp6NwgAYKA9PJcD/UNzHbvBZrN3Ebg2IwFqnrn7X3iPyoVR03LWyNxbbUjzL aFzy2ZUp0f+Yj8f66N1UxRdzdPKqRTV0lLI3Lpl6ATeoQy7Mh1KkQJsZp1/vwDEFU7Ebs7Cny5AtR WXuqDDn7deXi1l8Q8MQGknB4EE872P/Xv8jP9eGsNmBqDwt4pdHx2XpGajskIrQjQUE8IIXq1gTAD OHtlsiWjLV4WCQTwv++GyifYi07q46GxFn0u256477QKsyedWaGOWRMZ82JPD0oJnw/76SBVGS3Ru K3jIz6Ig==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1osqr3-002bkR-KU@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 03 Nov 2022 08:20:54 -0500
Source: golang-1.18
Architecture: source
Version: 1.18.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org>
Changed-By: William 'jawn-smith' Wilson <jawn-smith@ubuntu.com>
Changes:
golang-1.18 (1.18.8-1) unstable; urgency=medium
.
* New upstream version 1.18.8
+ CVE-2022-41716: syscall, os/exec: unsanitized NUL in environment variables
On Windows, syscall.StartProcess and os/exec.Cmd did not properly check
for invalid environment variable values. A malicious environment variable
value could exploit this behavior to set a value for a different
environment variable.
Checksums-Sha1:
8fc152a1a9d4e2754795ad0270b379eb09f63fa8 2255 golang-1.18_1.18.8-1.dsc
6006528bee9fcee269c53c33f45e80c33e188e06 22873390 golang-1.18_1.18.8.orig.tar.gz
03c649d93bac17defedddca9f1a6e3dedc776334 819 golang-1.18_1.18.8.orig.tar.gz.asc
bc615cfda9f1e1e4b5befb45e928a0c19ee9b855 42120 golang-1.18_1.18.8-1.debian.tar.xz
fa501b73775c27a9f207c8bb4e17516bc7afd460 6530 golang-1.18_1.18.8-1_amd64.buildinfo
Checksums-Sha256:
5bbeb75519adfb45c32b075d3b66dfe365a6dec3e347acf71834a7f43ade905e 2255 golang-1.18_1.18.8-1.dsc
1f79802305015479e77d8c641530bc54ec994657d5c5271e0172eb7118346a12 22873390 golang-1.18_1.18.8.orig.tar.gz
6534831f7dc383730c865c87689545ecd98b4547c91cf1bcc0c7c77b03f70118 819 golang-1.18_1.18.8.orig.tar.gz.asc
fa1e0126a879c41fd4c1990d302b9a67a4f6baaaeeb570f2ebea3b2ed19d09f4 42120 golang-1.18_1.18.8-1.debian.tar.xz
b87828d1d9b4015ff537bdae78c85c37dae5767e25260d36c9c988430ae7e009 6530 golang-1.18_1.18.8-1_amd64.buildinfo
Files:
1a402671e45424bb002269552f820027 2255 golang optional golang-1.18_1.18.8-1.dsc
4da6e6a0f709a4fe9f5b1033a8439a09 22873390 golang optional golang-1.18_1.18.8.orig.tar.gz
aafb2cc2c7c56fd6e48c4f33186d6fa5 819 golang optional golang-1.18_1.18.8.orig.tar.gz.asc
c42ab88092a252a7b6784ca53d141488 42120 golang optional golang-1.18_1.18.8-1.debian.tar.xz
d6661a7d7a8ba8cf465bbe8ebaffce9a 6530 golang optional golang-1.18_1.18.8-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iIYEARYIAC4WIQSRhdT1d2eu7mxV1B5/RPol6lUUywUCY2v9SxAcemhzakBkZWJp
YW4ub3JnAAoJEH9E+iXqVRTLh0cBAIPBdDPPhHfEWvLj1PR2bdeSaWZ+DTAIui7c
ZYtsIvmHAP9kviVzzy2Xbn/N96Qki/AaANRwRb0XjW8K1Hs47dhBCg==
=ULqQ
-----END PGP SIGNATURE-----