-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 16 Jun 2025 17:04:18 +0530
Source: golang-1.24
Built-For-Profiles: noudeb
Architecture: source
Version: 1.24.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org>
Changed-By: Anshul Singh <anshul.singh@canonical.com>
Closes: 1104816 1107364
Changes:
golang-1.24 (1.24.4-1) unstable; urgency=medium
.
* Team upload
* New upstream version 1.24.1
+ CVE-2025-4673: net/http: sensitive headers not cleared on cross-origin redirect (Closes: #1107364)
+ CVE-2025-0913: os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows
+ CVE 2025-22874: crypto/x509: usage of ExtKeyUsageAny disables policy validation (Closes: #1107364)
+ CVE-2025-22873: os: Root permits access to parent directory (Closes: #1104816)
* d/patches: Removed patch 0003 as it's already applied upstream now
Checksums-Sha1:
7765e5319e4410531d1c0772278fada0f84d8de6 2877 golang-1.24_1.24.4-1.dsc
96972a9ba84ee9c715776d83276b43c44ae9c39d 30788576 golang-1.24_1.24.4.orig.tar.gz
e7e69069b7821275146c2bf19bbcfaf4e55e575e 833 golang-1.24_1.24.4.orig.tar.gz.asc
4a841853884d13d526e7457c0cdde6bfd254b039 42192 golang-1.24_1.24.4-1.debian.tar.xz
142e6a44d42a6945905316731a94beb20a5c61f4 7584 golang-1.23_1.23.10-1_source.buildinfo
e534d14db2bfa1808aae44d488a4d4427d00f7bd 7580 golang-1.24_1.24.4-1_source.buildinfo
Checksums-Sha256:
f9991da1d502c1dd278f236f5cb960b7f0113e68cfe3739427aeb58853afbde3 2877 golang-1.24_1.24.4-1.dsc
5a86a83a31f9fa81490b8c5420ac384fd3d95a3e71fba665c7b3f95d1dfef2b4 30788576 golang-1.24_1.24.4.orig.tar.gz
bcc618ca95f9da9870907c265f9e12aef2ca6e37612a8d15d37ecbc828c420f6 833 golang-1.24_1.24.4.orig.tar.gz.asc
b613c9f5f2a4179ea618854e4310422231f115bab97cc5c18707a720d612da32 42192 golang-1.24_1.24.4-1.debian.tar.xz
4f8a5aed00955c4f11019a0a6d2b73c47accab7354020ae9ed13a449907cd09f 7584 golang-1.23_1.23.10-1_source.buildinfo
693ed10c6bbf0796b9e1cef867862011a1f9856cc892675991cf6619e18f69cd 7580 golang-1.24_1.24.4-1_source.buildinfo
Files:
ad3a8c72ddf40d2134bda9c4177a84cf 2877 golang optional golang-1.24_1.24.4-1.dsc
38d0b0a73d5b1b174e3a23be17fa10a0 30788576 golang optional golang-1.24_1.24.4.orig.tar.gz
07c6573541a198828d75a04250c86946 833 golang optional golang-1.24_1.24.4.orig.tar.gz.asc
d00ba8b8423714cb16788465514da2a1 42192 golang optional golang-1.24_1.24.4-1.debian.tar.xz
5d028049d5178cf53b441f42feeb6610 7584 golang optional golang-1.23_1.23.10-1_source.buildinfo
f89212ba10d4022bcce024e1d649ea3a 7580 golang optional golang-1.24_1.24.4-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEiiBE+E9xaoW3f/djEd9ClMyjmJMFAmhQzCsACgkQEd9ClMyj
mJPP1hAAxpeCzePnZCzTQKO2WH8jIduRK4GiHtnBk6E7XkCOFbK7BR1UjnRUEgZ8
U9KtXYxQaaTpknoQa5jDlbzHTEfuZCDFcf5aGSMaWRBYpBECIqhgN4YlAMVGkH7o
f5GStp/hXx3f6sGLEoQgLO4NK/XYpDV7WueXbPDXOS9u6FmtdJtXKr4fSMnvYbEQ
RnKJQoHN08Pm2holwb6QYkFgwd92LG0Evd4W9D8hN7cj3mueITpTNCQuvLhsdBKg
hAFiqsQH/v5CyyUd7uNHaCC/0lZUOVBItVc8bk9TLAFBIF8HAcOGs5+Z5wyKUIcp
JRfL5KceoH1B3IQuKF5tL4ynSao08nSwFWSjLSkWJJHWGfKJJfH4HYpTG/3bEst4
5KxhTM4b58OUFsuAtxaLcPbLg0P+xjwhKl22HYNkok5Ut96q3tfKTZjCor78OG5X
NdyxKZJ8n0KEB5Ue8DZQqbbThNcD4BWLc3QDss+PA9DTXUACEOuSdzaTh7usGocd
KuU8qd9/WcA0g+PDPfUSPACIlA5dwoDHQiUW0HODxBjzF+OmV+b+qC8mRDAnfX3l
2LuAo4WpSGO79Df6S8+aasWxpD54WvcPTa2B+Bue6mQOMJYRXqlSWd5SBb41kFdX
lb5MOwHvT0o4ZHmma0JheiKbTE/Ojh1vPOJb4bo0RXYP4UGzYg4=
=Zv+i
-----END PGP SIGNATURE-----
Attachment:
pgpe0J4TWBsdA.pgp
Description: PGP signature