Accepted golang 2:1.0.2-1.1+deb7u2 (source amd64 all) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 27 Oct 2017 10:47:15 -0400
Source: golang
Binary: golang-go golang-src golang-doc golang-dbg golang golang-mode kate-syntax-go vim-syntax-go
Architecture: source amd64 all
Version: 2:1.0.2-1.1+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Antoine Beaupré <anarcat@debian.org>
Description:
golang - Go programming language compiler - metapackage
golang-dbg - Go programming language compiler - debug files
golang-doc - Go programming language compiler - documentation
golang-go - Go programming language compiler
golang-mode - Go programming language - mode for GNU Emacs
golang-src - Go programming language compiler - source files
kate-syntax-go - Go programming language - Kate highlighting syntax files
vim-syntax-go - Go programming language - Vim highlighting syntax files
Changes:
golang (2:1.0.2-1.1+deb7u2) wheezy-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2017-15041: Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get"
remote command execution. Using custom domains, it is possible to
arrange things so that example.com/pkg1 points to a Subversion
repository but example.com/pkg1/pkg2 points to a Git repository. If
the Subversion repository includes a Git checkout in its pkg2
directory and some other work is done to ensure the proper ordering of
operations, "go get" can be tricked into reusing this Git checkout for
the fetch of code from pkg2. If the Subversion repository's Git
checkout has malicious commands in .git/hooks/, they will execute on
the system running "go get."
Checksums-Sha1:
4195522e1838e4bb725a187926a3f63fc03187a2 1887 golang_1.0.2-1.1+deb7u2.dsc
7cb8186f3e22cc6c070c1bfbc78971851e38e829 53596 golang_1.0.2-1.1+deb7u2.debian.tar.gz
bcafe71064adcf11173521e4e3b1717b465f38eb 17293376 golang-go_1.0.2-1.1+deb7u2_amd64.deb
3229eb763cbe1838a7526278f73d1be1fb9a2396 3002910 golang-src_1.0.2-1.1+deb7u2_amd64.deb
2bcbfd2024ae5647633452307f914aac5748733d 4523648 golang-doc_1.0.2-1.1+deb7u2_all.deb
8b6ae400b26433573e6258465b6655b924545750 2990310 golang-dbg_1.0.2-1.1+deb7u2_amd64.deb
dbe104e177e843e5bfb69ac6df255c1459b9b75b 25398 golang_1.0.2-1.1+deb7u2_all.deb
c498682162d6cb1a9b5245905f1804e2fa86990c 35568 golang-mode_1.0.2-1.1+deb7u2_all.deb
759236622bce981367f688c489903e78f4a5a379 26554 kate-syntax-go_1.0.2-1.1+deb7u2_all.deb
c74ae8a8d9c751cd7e553c6c942ce9b127abd90d 31056 vim-syntax-go_1.0.2-1.1+deb7u2_all.deb
Checksums-Sha256:
71cfdda9416213db61e0a4442178aac6f4a8cbf50c1737599bf662bc88055429 1887 golang_1.0.2-1.1+deb7u2.dsc
db518b45d9cb6a7b6ecc9df42182bc190c99e1d3fef5861b1bed2deb4296c316 53596 golang_1.0.2-1.1+deb7u2.debian.tar.gz
e21bc9980bc1385172fbbe663f90552326fbd72379bd459505906f2c2542fde3 17293376 golang-go_1.0.2-1.1+deb7u2_amd64.deb
c0507ab7280da86b10a3b9bb71b5d22d910dd9ef33d3a86af1172c8a15c71d46 3002910 golang-src_1.0.2-1.1+deb7u2_amd64.deb
e7e0f13b5ff90b6662389ac7665e036296c3a037e83fee9693b205818decfbdb 4523648 golang-doc_1.0.2-1.1+deb7u2_all.deb
5e0a9e3ed8828b6a66cd11ad5bf22e86e944e0a61f2f73a5d6b56577b0b317ce 2990310 golang-dbg_1.0.2-1.1+deb7u2_amd64.deb
9b1bf0916f6cea5dd51b0880dbad4e36dab6b64c45ecaab2391784bbbe498746 25398 golang_1.0.2-1.1+deb7u2_all.deb
7005b83e9b6eb0944ed530ae544b875c68f5bb8f9d1c283b371a4a896260e627 35568 golang-mode_1.0.2-1.1+deb7u2_all.deb
5374b2c3b81e4bd58ca56f5245c11aa8a26df02d562e0a0d280b34fb677bd248 26554 kate-syntax-go_1.0.2-1.1+deb7u2_all.deb
7cf0708594ab09b339b107a17d67fe73a4205aaad623dae1ca3dfc9a46092883 31056 vim-syntax-go_1.0.2-1.1+deb7u2_all.deb
Files:
816c2122662e3f3cd2ea1339b00a1915 1887 devel optional golang_1.0.2-1.1+deb7u2.dsc
4c1f5c73e602d60b614e9c8dcaa90903 53596 devel optional golang_1.0.2-1.1+deb7u2.debian.tar.gz
503d2dbde332357c1369b5f2317f9b64 17293376 devel optional golang-go_1.0.2-1.1+deb7u2_amd64.deb
a3d8923a62aaca7cda11abd94247248e 3002910 devel optional golang-src_1.0.2-1.1+deb7u2_amd64.deb
8f2b16a7a38b545a30627a27fa96dcac 4523648 doc optional golang-doc_1.0.2-1.1+deb7u2_all.deb
96aaee9cce96c26dec6784eba1376ec6 2990310 debug extra golang-dbg_1.0.2-1.1+deb7u2_amd64.deb
a60254288b36aba44dbbb062e0720faf 25398 devel optional golang_1.0.2-1.1+deb7u2_all.deb
8c3b278c14f064b9b7a4260ff2e8cedc 35568 devel optional golang-mode_1.0.2-1.1+deb7u2_all.deb
01ab584503f778e245e0aad727b594c6 26554 devel optional kate-syntax-go_1.0.2-1.1+deb7u2_all.deb
0647c247976b0cace8d915363f7e38e3 31056 devel optional vim-syntax-go_1.0.2-1.1+deb7u2_all.deb
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEexZCBNCWcjsBljWrPqHd3bJh2XsFAlnzT8EACgkQPqHd3bJh
2XsGCAf9F3QtyuAgePw0wFmK8rYyXehnE6gxa9RNEBPHydJsp0qevQxCgNdC71BP
DsGbr1RlJsHL5jqAvbCvc16T89S5XQEgQJON100gVVk8IuqLfWV5D5sAPs6USRW9
aLINuHIKGQhIPxqcJNcT8SO6BsE6VesB3avJRoLsBRiW59BHd9bJJyAaNxE0uz4H
gl6ftGO1sNlERRhyz3kN7owFtp7WpWKsIYpHj7pyAj7yLCfjr8rmZOja7AkGL5dQ
2yEPDFKP3yWJGK0VKrW5JrDiybaEdcdv38VCBBqeXXV4UU/WsKd2XiIa+BC0LeI2
jZpD8WD7C/LEGxG6eUKs0RlxvYKVjg==
=N9H2
-----END PGP SIGNATURE-----