Accepted golang-1.18 1.18.8-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 03 Nov 2022 08:20:54 -0500
Source: golang-1.18
Architecture: source
Version: 1.18.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org>
Changed-By: William 'jawn-smith' Wilson <jawn-smith@ubuntu.com>
Changes:
golang-1.18 (1.18.8-1) unstable; urgency=medium
.
* New upstream version 1.18.8
+ CVE-2022-41716: syscall, os/exec: unsanitized NUL in environment variables
On Windows, syscall.StartProcess and os/exec.Cmd did not properly check
for invalid environment variable values. A malicious environment variable
value could exploit this behavior to set a value for a different
environment variable.
Checksums-Sha1:
8fc152a1a9d4e2754795ad0270b379eb09f63fa8 2255 golang-1.18_1.18.8-1.dsc
6006528bee9fcee269c53c33f45e80c33e188e06 22873390 golang-1.18_1.18.8.orig.tar.gz
03c649d93bac17defedddca9f1a6e3dedc776334 819 golang-1.18_1.18.8.orig.tar.gz.asc
bc615cfda9f1e1e4b5befb45e928a0c19ee9b855 42120 golang-1.18_1.18.8-1.debian.tar.xz
fa501b73775c27a9f207c8bb4e17516bc7afd460 6530 golang-1.18_1.18.8-1_amd64.buildinfo
Checksums-Sha256:
5bbeb75519adfb45c32b075d3b66dfe365a6dec3e347acf71834a7f43ade905e 2255 golang-1.18_1.18.8-1.dsc
1f79802305015479e77d8c641530bc54ec994657d5c5271e0172eb7118346a12 22873390 golang-1.18_1.18.8.orig.tar.gz
6534831f7dc383730c865c87689545ecd98b4547c91cf1bcc0c7c77b03f70118 819 golang-1.18_1.18.8.orig.tar.gz.asc
fa1e0126a879c41fd4c1990d302b9a67a4f6baaaeeb570f2ebea3b2ed19d09f4 42120 golang-1.18_1.18.8-1.debian.tar.xz
b87828d1d9b4015ff537bdae78c85c37dae5767e25260d36c9c988430ae7e009 6530 golang-1.18_1.18.8-1_amd64.buildinfo
Files:
1a402671e45424bb002269552f820027 2255 golang optional golang-1.18_1.18.8-1.dsc
4da6e6a0f709a4fe9f5b1033a8439a09 22873390 golang optional golang-1.18_1.18.8.orig.tar.gz
aafb2cc2c7c56fd6e48c4f33186d6fa5 819 golang optional golang-1.18_1.18.8.orig.tar.gz.asc
c42ab88092a252a7b6784ca53d141488 42120 golang optional golang-1.18_1.18.8-1.debian.tar.xz
d6661a7d7a8ba8cf465bbe8ebaffce9a 6530 golang optional golang-1.18_1.18.8-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iIYEARYIAC4WIQSRhdT1d2eu7mxV1B5/RPol6lUUywUCY2v9SxAcemhzakBkZWJp
YW4ub3JnAAoJEH9E+iXqVRTLh0cBAIPBdDPPhHfEWvLj1PR2bdeSaWZ+DTAIui7c
ZYtsIvmHAP9kviVzzy2Xbn/N96Qki/AaANRwRb0XjW8K1Hs47dhBCg==
=ULqQ
-----END PGP SIGNATURE-----
Reply to: