Accepted golang-1.7 1.7.4-2+deb9u4 (source) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 21 Jan 2022 19:45:18 +0100
Source: golang-1.7
Binary: golang-1.7-go golang-1.7-src golang-1.7-doc golang-1.7
Architecture: source
Version: 1.7.4-2+deb9u4
Distribution: stretch-security
Urgency: high
Maintainer: Go Compiler Team <pkg-golang-devel@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
golang-1.7 - Go programming language compiler - metapackage
golang-1.7-doc - Go programming language - documentation
golang-1.7-go - Go programming language compiler, linker, compiled stdlib
golang-1.7-src - Go programming language - source files
Closes: 989492 991961
Changes:
golang-1.7 (1.7.4-2+deb9u4) stretch-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
* CVE-2021-36221: Go has a race condition that can lead to a
net/http/httputil ReverseProxy panic upon an ErrAbortHandler
abort. (Closes: #991961)
* CVE-2021-33196: in archive/zip, a crafted file count (in an archive's
header) can cause a NewReader or OpenReader panic. (Closes: #989492)
* CVE-2021-39293: follow-up fix to CVE-2021-33196
* CVE-2021-41771: ImportedSymbols in debug/macho (for Open or OpenFat)
accesses a Memory Location After the End of a Buffer, aka an
out-of-bounds slice situation.
* CVE-2021-44716: net/http allows uncontrolled memory consumption in the
header canonicalization cache via HTTP/2 requests.
* CVE-2021-44717: Go on UNIX allows write operations to an unintended
file or unintended network connection as a consequence of erroneous
closing of file descriptor 0 after file-descriptor exhaustion.
Checksums-Sha1:
0f3defa8ca07509d11c7e13df619f690930b6770 2487 golang-1.7_1.7.4-2+deb9u4.dsc
d8efba0006ca079a6fe9af93abcf4c2f98aefc0e 54124 golang-1.7_1.7.4-2+deb9u4.debian.tar.xz
4169d98e4711318e05c2754c17306484444039e1 6140 golang-1.7_1.7.4-2+deb9u4_amd64.buildinfo
Checksums-Sha256:
fca00b4d2ac4ec686471aea8e35db273d768d22af6ab596127219ead13c718f7 2487 golang-1.7_1.7.4-2+deb9u4.dsc
4ab72edfe5116182ea5b19367e22147a6196af5d001e7d57aed8c76136f76bcb 54124 golang-1.7_1.7.4-2+deb9u4.debian.tar.xz
7585a0b796c1b626b7e3a84f69b1e6ef50719ec74863b48d6c42f7d1aa58caee 6140 golang-1.7_1.7.4-2+deb9u4_amd64.buildinfo
Files:
239cd952bc4fed4944be21194f4b800f 2487 devel optional golang-1.7_1.7.4-2+deb9u4.dsc
e5830f1c7c698018432e11e46ab0c68a 54124 devel optional golang-1.7_1.7.4-2+deb9u4.debian.tar.xz
74e8e0a163e08fed9a7a82ed4964634c 6140 devel optional golang-1.7_1.7.4-2+deb9u4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmHrGm4ACgkQDTl9HeUl
XjDDFA/9FvlzaoRAxf0qqFksl2Pq1DuQubJeN/QAPvAMtlIrjrMSjA+BM6GhKzb1
+Uwa5Jb7n9Oc6NnZ4CBJRdwOcUIur8/djCT/eC8zz03Lj+kv0gtDI1ZQ3S7LqoD1
0ofCMowdhObjNHFkOoIWIq5psYbtTuWDkagQtGjyXJFTYhBpAqFE32TkRafLF8g1
QIpwbHcyrHgJZJFy3Q6WzUh7YefNLYbcAIIK6JgRDyPSKyomswWnqUcs1qjr4Sdj
eKrxs9Im9VcC+2axeoRTwK+MJ1sSVj177Jmvp2auz6OKNK0UCHu5nLpyaTYb2DBF
WH92IJD0YouawfK8+HgRihFRF5UoobeM5bu7Gw+FDNZnqvgmO4wCG1rGIRkBATs/
6cI547C1qaiRzqGINoEUJ4YOuSabTPVwCQDDBdfCUQozp8w52V3XT8GZw8yhjEBn
Fnno+YQ14E7o0tqf4W8JtIpFEfl85OY2GfCl62OIwjkwDxOhFCgQuQ388uXS3qt3
xE+CaokAFxspW1DqA/juol0CeFh1ltvOEIQxdQsWjaquvNoWzBU8ah1QN4bTlD+r
H4X0DTfusEwL2pfGmkb5qrkwf2ARtBuOKoYI5nznSWZfH9LbC+HiN1xgs2lmtCoM
YShsgjecuGUHbzTNtXZLl6J6z7p4Ae8P7wLw25hxgBtGa+SnzY0=
=iYin
-----END PGP SIGNATURE-----
Reply to: