Accepted golang-1.24 1.24.7-1 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted golang-1.24 1.24.7-1 (source) into unstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sun, 28 Sep 2025 05:35:59 +0000
Message-id: <[🔎] E1v2k4l-008cEy-2m@fasolo.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 27 Sep 2025 22:07:23 -0700
Source: golang-1.24
Architecture: source
Version: 1.24.7-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org>
Changed-By: Tianon Gravi <tianon@debian.org>
Closes: 1109109 1110947 1110949
Changes:
 golang-1.24 (1.24.7-1) unstable; urgency=medium
 .
   * Update to 1.24.7 upstream release
     - 1.24.5
       - cmd/go: unexpected command execution in untrusted VCS repositories
         (CVE-2025-4674; https://go.dev/issue/74380; Closes: #1109109)
     - 1.24.6
       - os/exec: LookPath may return unexpected paths
         (CVE-2025-47906; https://go.dev/issue/74466; Closes: #1110947)
       - database/sql: incorrect results returned from Rows.Scan
         (CVE-2025-47907; https://go.dev/issue/74831; Closes: #1110949)
     - 1.24.7
       - net/http: CrossOriginProtection bypass patterns are over-broad
         (CVE-2025-47910; https://go.dev/issue/75054)
Checksums-Sha1:
 7df94a825460e95ead369e31c2579709c367aade 2923 golang-1.24_1.24.7-1.dsc
 fc43f73e0343e0ac236690d30cdf38ce1ecae2ee 30794506 golang-1.24_1.24.7.orig.tar.gz
 7fd3c6f78bb9786c16f29c38297f0338af54f444 833 golang-1.24_1.24.7.orig.tar.gz.asc
 cd4a97f07820fa4a70a33e5bcd18ce841880ae64 45472 golang-1.24_1.24.7-1.debian.tar.xz
 c9f5bc1270e1fa75a3e626cf20f7951b7057507c 5460 golang-1.24_1.24.7-1_source.buildinfo
Checksums-Sha256:
 83fa3b22041e5d1aac047a04d7353ff8c51fba33a0cc59b77cb9c42fe25c1a7e 2923 golang-1.24_1.24.7-1.dsc
 2a8f50db0f88803607c50d7ea8834dcb7bd483c6b428a91e360fdf8624b46464 30794506 golang-1.24_1.24.7.orig.tar.gz
 4babc1e7edd02f3b4277bdd9e6a9321a1461f926ee01c7386657dfe0cef1d68b 833 golang-1.24_1.24.7.orig.tar.gz.asc
 b6fdf71572dc8c1538425cb6c6a49efa94b0c100ec036c4b835c40d63efc43eb 45472 golang-1.24_1.24.7-1.debian.tar.xz
 c57b9f4c4aed85ae3d445c8273554e7bddfc681cde4bd469dd5127004bb8a754 5460 golang-1.24_1.24.7-1_source.buildinfo
Files:
 87d845890720810ba1880095d94c5ba1 2923 golang optional golang-1.24_1.24.7-1.dsc
 52eea261435dcd9fe447ce092f156519 30794506 golang optional golang-1.24_1.24.7.orig.tar.gz
 6fafb26d00bd94c3c04e197af354605a 833 golang optional golang-1.24_1.24.7.orig.tar.gz.asc
 3af0a8b2ddb08cfb6933ccfd32b8899c 45472 golang optional golang-1.24_1.24.7-1.debian.tar.xz
 cb0b63b0803cb720cf4e271f9836de22 5460 golang optional golang-1.24_1.24.7-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEtC9oGQB/APiONk/UA2qcJb81fdQFAmjYxI4SHHRpYW5vbkBk
ZWJpYW4ub3JnAAoJEANqnCW/NX3UzVcQAKzVG85+fRyX1sAHWfnSFSgs4DgSGa0V
phq/j83gFzW6pNjXp397Nx5o3Y4GM56y1B40GdWdxLvxvaFBJr7CaLFMX1JseBKt
kwGFNvezsoPMr6Ovw7Xycfn05/nHtSEVVRf7n4bIcaoCnyoYvCa3WVvYsiVtRwq7
foCTDtHBHSvNJupWtbE0efnf30YzMWCveyMP0XZfgmMnaA7UL0Qnfftn7rXaBABx
9DoL++O9hNz2cVIz5XQNhWxLhxNEb9OeXIrs1hCs6nCUuvjHdTmOAcToym/aBuq9
haJJVj64xWhHyz3LYUSAspkku4vMdmxlne3ooJkZNfBOJRqufDS2d8zLBlu3A3jf
ne7ojVz6fUpXtrviiiyx/WmDBBvt1tzSBoLMOf9HNXyHO5EEjsUw7ASlownYOV6e
BhTd1o4jwgEiG0FN5c6ygbvalZ05mgHC0qADONosAEe3UKGHCq/T8W4o24189+q6
uBpIjjNhzmCwZ4gN9ijxHDrbWlBl27EJ+v/6UmuJRqLO58dfGdj7F9OmfSRn4KTs
X5Fax2nneJOFaNMSEWoSZidyu/JviHpVp7FS8w8ThuY4vbkZ6tuBLZW8U5tQ11LC
c4C9glQJoAQEF3l1axzYj5euHj3+cCUJ6xNh6wrjLItgQ+Di54yVLSF60PgvyXAX
B+YnP5CjOr4h
=AhRA
-----END PGP SIGNATURE-----

Attachment: pgpEpnU_4C4IO.pgp
Description: PGP signature

Reply to:

Prev by Date: Accepted calibre 8.11.1+ds+~0.10.5-3 (source) into unstable
Next by Date: Accepted multiprocess 0.70.18-1 (source) into unstable
Previous by thread: Accepted calibre 8.11.1+ds+~0.10.5-3 (source) into unstable
Next by thread: Accepted multiprocess 0.70.18-1 (source) into unstable
Index(es):
- Date
- Thread