Accepted golang-1.16 1.16.8-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 10 Sep 2021 17:07:36 -0600
Source: golang-1.16
Architecture: source
Version: 1.16.8-1
Distribution: unstable
Urgency: high
Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org>
Changed-By: Anthony Fok <foka@debian.org>
Changes:
golang-1.16 (1.16.8-1) unstable; urgency=high
.
* New upstream version 1.16.8
+ CVE-2021-39293: security fix to the archive/zip package
The fix for CVE-2021-33196 can be bypassed by crafted inputs.
As a result, the NewReader and OpenReader functions in archive/zip
can still cause a panic or an unrecoverable fatal error when reading
an archive that claims to contain a large number of files,
regardless of its actual size.
Thanks to the OSS-Fuzz project for discovering this issue
and to Emmanuel Odeke for reporting it.
+ bug fixes to the archive/zip, go/internal/gccgoimporter,
html/template, net/http, and runtime/pprof packages
* Fix Lintian warning: tab-in-license-text in debian/copyright
* Sync recent d/control changes back to d/control.in
* Rename Maintainer from "Go Compiler Team" to "Debian Go Compiler Team"
* Bump Standards-Version to 4.6.0 (no change)
Checksums-Sha1:
c3cad12ad4335a6fcf6307b7e9df45368ae25a05 2864 golang-1.16_1.16.8-1.dsc
5d72485dfaee6d7153f38b649a007f8c10a0336f 20922236 golang-1.16_1.16.8.orig.tar.gz
05412e26f8ff1665456d732c0cd337ee1e0c55cd 819 golang-1.16_1.16.8.orig.tar.gz.asc
e69e69d872da3075bf931ef74ca94355128c7559 40224 golang-1.16_1.16.8-1.debian.tar.xz
6ae7af489217fd8521a5074bfb494fc2b95d378e 6752 golang-1.16_1.16.8-1_amd64.buildinfo
Checksums-Sha256:
4bf440a2c662f4b2bb21ce9043f2658eb460ddb2143dcbfc99a0b925a0c22078 2864 golang-1.16_1.16.8-1.dsc
8f2a8c24b793375b3243df82fdb0c8387486dcc8a892ca1c991aa99ace086b98 20922236 golang-1.16_1.16.8.orig.tar.gz
841d331a8fa14d4b67febde169a1a5b8ae414705ca5195b7547625c941947ca4 819 golang-1.16_1.16.8.orig.tar.gz.asc
cfc656879c974bf8ff7400a1faabd9c00271d4f8ba4b9c3a582f064bb49fd56d 40224 golang-1.16_1.16.8-1.debian.tar.xz
61496d95cebdf408c7ccc6b39a601a3a75ad2d246c2c52b6ed530f1ca2b11158 6752 golang-1.16_1.16.8-1_amd64.buildinfo
Files:
a340a9eaba7451c74f86ae0ef4f384a8 2864 golang optional golang-1.16_1.16.8-1.dsc
92e69a5e1bb6ea5e7498d12d03160032 20922236 golang optional golang-1.16_1.16.8.orig.tar.gz
876ea147ec30660c6ce563e4fb60e554 819 golang optional golang-1.16_1.16.8.orig.tar.gz.asc
b0d4542df9085273a5f8c46f9c2b54b2 40224 golang optional golang-1.16_1.16.8-1.debian.tar.xz
aebcd85b11837857d7ddf7d7b6e80a30 6752 golang optional golang-1.16_1.16.8-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCAAuFiEEFCQhsZrUqVmW+VBy6iUAtBLFms8FAmE77qYQHGZva2FAZGVi
aWFuLm9yZwAKCRDqJQC0EsWaz/r5D/0ZVdIxOC12zL7s5ZP8oNX53V7t4CDzkhAc
eOd8B1EPVQjlFrwYqAnw+ysDmjVxTluUh21qF0DxrxltdqStO3PQ94bSFSoesV4B
L/DQFtXb23fSEkTJEdV/vFkn0m/AAp3rfBMLRAghywiY/tsKnY9IzfsApR1fOYBZ
Ou3P638xpYSrL3KmrcdUUfSfadA6/rgujDPaijhs+TkoxHBS3BexB+YS3yZSTPde
h99ZOXnvmdbAXt89CMn3WjmD0ioZ7bD4P0+AGTTMSnLUA2mGjPlIC+4Q2IJjWG9O
5z2qkKn0vdQsUVvUItmy4hSrpSgoTKvVZbFtdSHRnsWkwcTWhGfElM33wPosPdXr
frHAg6gXzUdQ7UhpNIzgjxWPwuqcUhCUGLhFlwqIhwr7H/Qbbor1YQFFWutKRPI6
OxKufhEynsRRIpQOsyeNMdVo+6QlgIoJoO6Tdw95cg4v0pySmIAS04VCVuweVrJ6
+cjqGutKEAYuJpeMly4E56S1nU4thisWAAdZaPPgHYiAKbbmtX5vEJZ/jmRPlCiW
re6HI+QbgysUie5YEp4Fzr5tMnX+Ic23Hwx3DDPX1Ocup2I0+RheOdUqa0nS4YLg
PNtHhklwrZ43x6UxdP+l72cq8NWZbf4L9s+mc/1QdyilJE8ZYlBvRATMi48a674i
WkesvMUQ2g==
=+rHl
-----END PGP SIGNATURE-----
Reply to: