Bug#1001100: bullseye-pu: package golang-1.15/1.15.15-1~deb11u2
On Sun, Dec 12, 2021 at 1:49 AM Shengjing Zhu <zhsj@debian.org> wrote:
>
> On Sun, Dec 12, 2021 at 1:45 AM Adam D. Barratt
> <adam@adam-barratt.org.uk> wrote:
> >
> > Control: tags -1 + moreinfo
> >
> > On Fri, 2021-12-10 at 00:11 +0800, Shengjing Zhu wrote:
> > > On Sat, Dec 04, 2021 at 06:31:35PM +0800, Shengjing Zhu wrote:
> > [...]
> > > > Backport patches for CVE-2021-38297 and CVE-2021-41771.
> > > >
> > > > [ Impact ]
> > > >
> > > > + CVE-2021-38297 is for people using WASM with Go
> > > > + CVE-2021-41771 is in debug/macho standard library
> > > >
> > [...]
> > > I'd like to amend this request.
> > >
> > > Backport two patches for CVE-2021-44716 and CVE-2021-44717. Both are
> > > taken from upstream 1.16
> > > branch without modification.
> > >
> >
> > None of these issues appears to be resolved in the golang-1.15 package
> > in unstable. Is that correct?
> >
>
> Hmm, I forget golang-1.15 hasn't been removed from unstable yet, since
> two packages still depend on it.
> I'll update it for unstable. (I really want to see it removed from unstable...)
>
Now golang-1.15/1.15.15-5 is in unstable, with same patches in this pu.
--
Shengjing Zhu
Reply to: