Accepted golang-1.18 1.18.4-1~bpo11+1 (source) into bullseye-backports
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 14 Jul 2022 11:01:43 -0600
Source: golang-1.18
Architecture: source
Version: 1.18.4-1~bpo11+1
Distribution: bullseye-backports
Urgency: medium
Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org>
Changed-By: Anthony Fok <foka@debian.org>
Changes:
golang-1.18 (1.18.4-1~bpo11+1) bullseye-backports; urgency=medium
.
* Rebuild for bullseye-backports.
.
golang-1.18 (1.18.4-1) unstable; urgency=medium
.
* New upstream version 1.18.4
+ CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding
header
+ CVE-2022-32148: When httputil.ReverseProxy.ServeHTTP was called with a
Request.Header map containing a nil value for the X-Forwarded-For header,
ReverseProxy would set the client IP as the value of the X-Forwarded-For
header, contrary to its documentation. In the more usual case where a
Director function set the X-Forwarded-For header value to nil,
ReverseProxy would leave the header unmodified as expected.
+ CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read
+ CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal
+ CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip
+ CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode
+ CVE-2022-30632: path/filepath: stack exhaustion in Glob
+ CVE-2022-30630: io/fs: stack exhaustion in Glob
+ CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions
Checksums-Sha1:
af87d9b9995f35beb39bc99e25c711153f3f3d68 2893 golang-1.18_1.18.4-1~bpo11+1.dsc
56edf5faab26da1e153c6ee4dce6b4dde98dd73c 41484 golang-1.18_1.18.4-1~bpo11+1.debian.tar.xz
c5d25fe6300e21757bdefb13b16cd5b068a874d1 7141 golang-1.18_1.18.4-1~bpo11+1_amd64.buildinfo
Checksums-Sha256:
a2304e69e8874f9b9fc14c7d2d8081d6a835524342155fd73184d36edd4a75ed 2893 golang-1.18_1.18.4-1~bpo11+1.dsc
d42bda2c1418fe7e9bd78798ed11c8b75da54f5c6c0dbcd809c3a51c0b4081f1 41484 golang-1.18_1.18.4-1~bpo11+1.debian.tar.xz
bb8bb56e59cbed0dc11b20ea5c90ce4fe26f651d28e6742f7443d127adbb4319 7141 golang-1.18_1.18.4-1~bpo11+1_amd64.buildinfo
Files:
0d3ad87a34111be0aa5a3c7ba05aa3df 2893 golang optional golang-1.18_1.18.4-1~bpo11+1.dsc
0436c9c2482683cf0f4c324e1c1bd695 41484 golang optional golang-1.18_1.18.4-1~bpo11+1.debian.tar.xz
19ee0ec30f3c9ebc22c487838316c8d2 7141 golang optional golang-1.18_1.18.4-1~bpo11+1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCAAuFiEEFCQhsZrUqVmW+VBy6iUAtBLFms8FAmLQVp4QHGZva2FAZGVi
aWFuLm9yZwAKCRDqJQC0EsWaz9bjD/9pzo01sK4szMsOCqTdZ0Wl/mLHtqVuD5t/
m+XkhwhRhRQWuLuKZSueuBHo+gU8NvWrlNFYDubX/sn6h4Vpp0kvPB8acLRgARlI
ymJxX7CHXHTn7gX+2yC+NtuRb4fxW1LxjFubAqPyNyEfqNRZGAvjeu+M0UiBQXl0
r3ZHuG4xYKTakkm0nqvl3PRci6klug+NyFMFpnmLwAnf/ikwZcenCr0x1e19PjUl
RU6v3KoBm/Axttd7JKUZwhXzEirSe1/pJnR+Nl7Xywo/1EZG6Quuk7mcPTbHTb6y
wjHk80P7L9A3stDQKfhWDx2omUuhS/q8Lkbb14Z4pT0/DTLHT0heYRgR1DOm1dWf
umT8V1dqTlK0tuB2rUL+om8PloA0pQShEOc1WZfK6NMlNKuqEkBH10MhWmESeA25
kK5yqjJwaWc+zYM4lX8l812TNlhhNten6Phk/MxuGk3LnO8UXdaQuharRmKJ4Z94
saqo1mKi5lR5rRDEKy2455Q+tN9jzSwmVVyN2b+zL6cwRmRqBpZgIbBDSH2IvJDU
yTxvwYj6HRfz+DFWef3zmyZk1Yi5XncwXOCh8jmtDQ502185ZhXiko4shr/4B3po
ycd6mUV17qH1k7BZ0Vdgo9Eqy0sPZSjPbDF2OAoUSNg3cCU5lOiYL9lX0/9EYjcg
8Oxg/ZoCLQ==
=2TEU
-----END PGP SIGNATURE-----
Reply to: