[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted golang-1.8 1.8.1-1+deb9u4 (source) into oldoldstable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 21 Jan 2022 19:44:56 +0100
Source: golang-1.8
Binary: golang-1.8-go golang-1.8-src golang-1.8-doc golang-1.8
Architecture: source
Version: 1.8.1-1+deb9u4
Distribution: stretch-security
Urgency: high
Maintainer: Go Compiler Team <pkg-golang-devel@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 golang-1.8 - Go programming language compiler - metapackage
 golang-1.8-doc - Go programming language - documentation
 golang-1.8-go - Go programming language compiler, linker, compiled stdlib
 golang-1.8-src - Go programming language - source files
Closes: 989492 991961
Changes:
 golang-1.8 (1.8.1-1+deb9u4) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2021-36221: Go has a race condition that can lead to a
     net/http/httputil ReverseProxy panic upon an ErrAbortHandler
     abort. (Closes: #991961)
   * CVE-2021-33196: in archive/zip, a crafted file count (in an archive's
     header) can cause a NewReader or OpenReader panic. (Closes: #989492)
   * CVE-2021-39293: follow-up fix to CVE-2021-33196
   * CVE-2021-41771: ImportedSymbols in debug/macho (for Open or OpenFat)
     accesses a Memory Location After the End of a Buffer, aka an
     out-of-bounds slice situation.
   * CVE-2021-44716: net/http allows uncontrolled memory consumption in the
     header canonicalization cache via HTTP/2 requests.
   * CVE-2021-44717: Go on UNIX allows write operations to an unintended
     file or unintended network connection as a consequence of erroneous
     closing of file descriptor 0 after file-descriptor exhaustion.
Checksums-Sha1:
 70f91b516a588207d7b975ad7f599236e8d1044c 2487 golang-1.8_1.8.1-1+deb9u4.dsc
 8e7abfe035aea40da55dbbffe723afbe0302b36a 60856 golang-1.8_1.8.1-1+deb9u4.debian.tar.xz
 ceedf3d122814a6ebb680d1e3a1643b2af08a198 6140 golang-1.8_1.8.1-1+deb9u4_amd64.buildinfo
Checksums-Sha256:
 e97577b3f35499b0f66f522edec4c29b3528057d697e9b6f085f6fdae723a4d8 2487 golang-1.8_1.8.1-1+deb9u4.dsc
 44f535a60821798a73adec5e379079a70f91dbf66007a2879d2c9c5b022decd0 60856 golang-1.8_1.8.1-1+deb9u4.debian.tar.xz
 590789e80ffd1056b94bc5a030c1d4497d5262d7bc2b14942ddaeb4acb58961b 6140 golang-1.8_1.8.1-1+deb9u4_amd64.buildinfo
Files:
 c6fdbcc2086022df7393bdf06a09cd5e 2487 devel optional golang-1.8_1.8.1-1+deb9u4.dsc
 67cb651850af744436680104baae443e 60856 devel optional golang-1.8_1.8.1-1+deb9u4.debian.tar.xz
 dcf7cea90e7affb62560a19b506f17f6 6140 devel optional golang-1.8_1.8.1-1+deb9u4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmHrGmQACgkQDTl9HeUl
XjBZGw//VFmapWAOdzj8X40DMXo5U/nWUUwfiLUFpFqf9xD7oEgmCUys/n/tG72B
G5U5b25JooXZOFeHtCTW5Dh4BmgiHoOEpIqV8vvZUtALrnOJOWDnyzi+0qjXRwgV
TTijXyASMQOJCVABJEO2geQQPldoM5QrXOArySluaMMNZ4DJYp34LQjAS9KpvlzA
EBGp7pTwOL52D1EcVR1d3DXtguBVVi3M8EkoJUygTUkz8YY3/z3ew24J/+xwbFVh
dRRcwJYRTX21QpHMalblhbHBP6T58onc7b4RnXefKeJjgBSgCKyB+GFljcZzFyvA
ogvjbkQu4FJ+dE1iSyDRFKE3O9h8l+q/wsF7VftiUt/hw8c2wLBpIxdTUUFBMMRd
8NGemEcw4QDeRb9rI6tnh73LV2JC3SsRfbpOe/T3qz79yhbnBQ3VFkqEL+gtgB98
6nti9pucecatjadB6EcyJ2ZR6Cwsk5L5vQL5wEU/SImaGXmlkBnp41WwKyicWo1A
ZdScQpJw4qnoUZ23QkLh1rWAh1izUvaTX3NuRCldGRIssye6cDp63oqAD6vQd6CE
Z5uzFnihH+635Nwma6Hh3uLbc7JQ357aAnzwjed1tYt5yMEp3oVza+LgAaWnNZER
F+zXCqRVoowGDhMJkFHBLio0LbUvi8iHJal16RGR4SAlHwH56XE=
=czDV
-----END PGP SIGNATURE-----
Reply to: