Bug#1001100: bullseye-pu: package golang-1.15/1.15.15-1~deb11u2

To: Shengjing Zhu <zhsj@debian.org>, 1001100@bugs.debian.org
Cc: team@security.debian.org
Subject: Bug#1001100: bullseye-pu: package golang-1.15/1.15.15-1~deb11u2
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 11 Dec 2021 22:29:06 +0000
Message-id: <[🔎] 0a34ecee0945cfbaed306e4230f095f3968dccda.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1001100@bugs.debian.org
In-reply-to: <[🔎] CAFyCLW_G_7VqrVCy+uMPMCP21KGaeWyFSjk0k0tNJb1b9CKZcw@mail.gmail.com>
References: <[🔎] YatDh4UOo4cqAOUO@local.zhsj.me> <[🔎] YbIqrRcHKo+s4rXp@local.zhsj.me> <[🔎] f646db0c7a42bd6ff1a3af10bb973348955cdf47.camel@adam-barratt.org.uk> <[🔎] CAFyCLW_rwqZn6yG6qtA3yKTbGJbOPwhRmDA2=YzK5LASYCQf9g@mail.gmail.com> <[🔎] YatDh4UOo4cqAOUO@local.zhsj.me> <[🔎] CAFyCLW_G_7VqrVCy+uMPMCP21KGaeWyFSjk0k0tNJb1b9CKZcw@mail.gmail.com> <[🔎] YatDh4UOo4cqAOUO@local.zhsj.me>

Control: tags -1 + confirmed

On Sun, 2021-12-12 at 03:00 +0800, Shengjing Zhu wrote:
> On Sun, Dec 12, 2021 at 1:49 AM Shengjing Zhu <zhsj@debian.org>
> wrote:
> > On Sun, Dec 12, 2021 at 1:45 AM Adam D. Barratt
> > <adam@adam-barratt.org.uk> wrote:
> > > Control: tags -1 + moreinfo
> > > 
> > > On Fri, 2021-12-10 at 00:11 +0800, Shengjing Zhu wrote:
> > > > On Sat, Dec 04, 2021 at 06:31:35PM +0800, Shengjing Zhu wrote:
> > > [...]
> > > > > Backport patches for CVE-2021-38297 and CVE-2021-41771.
> > > > > 
> > > > > [ Impact ]
> > > > > 
> > > > > + CVE-2021-38297 is for people using WASM with Go
> > > > > + CVE-2021-41771 is in debug/macho standard library
> > > > > 
> > > [...]
> > > > I'd like to amend this request.
> > > > 
> > > > Backport two patches for CVE-2021-44716 and CVE-2021-44717.
> > > > Both are
> > > > taken from upstream 1.16
> > > > branch without modification.
> > > > 
> > > 
> > > None of these issues appears to be resolved in the golang-1.15
> > > package
> > > in unstable. Is that correct?
> > > 
> > 
> > Hmm, I forget golang-1.15 hasn't been removed from unstable yet,
> > since
> > two packages still depend on it.
> > I'll update it for unstable. (I really want to see it removed from
> > unstable...)
> > 
> 
> Now golang-1.15/1.15.15-5 is in unstable, with same patches in this
> pu.

Heh, that was quick. Please go ahead, thanks.

Regards,

Adam

Reply to:

References:
- Bug#1001100: bullseye-pu: package golang-1.15/1.15.15-1~deb11u2
  - From: Shengjing Zhu <zhsj@debian.org>
- Bug#1001100: bullseye-pu: package golang-1.15/1.15.15-1~deb11u2
  - From: Shengjing Zhu <zhsj@debian.org>
- Bug#1001100: bullseye-pu: package golang-1.15/1.15.15-1~deb11u2
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Bug#1001100: bullseye-pu: package golang-1.15/1.15.15-1~deb11u2
  - From: Shengjing Zhu <zhsj@debian.org>
- Bug#1001100: bullseye-pu: package golang-1.15/1.15.15-1~deb11u2
  - From: Shengjing Zhu <zhsj@debian.org>

Prev by Date: NEW changes in stable-new
Next by Date: Processed: Re: Bug#1001100: bullseye-pu: package golang-1.15/1.15.15-1~deb11u2
Previous by thread: Bug#1001100: bullseye-pu: package golang-1.15/1.15.15-1~deb11u2
Next by thread: Processed: Re: Bug#1001100: bullseye-pu: package golang-1.15/1.15.15-1~deb11u2
Index(es):
- Date
- Thread