Bug#1112053: marked as done (bookworm-pu: golang-github-gin-contrib-cors/1.4.0-1+deb12u1)

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Subject: Bug#1112053: marked as done (bookworm-pu: golang-github-gin-contrib-cors/1.4.0-1+deb12u1)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sat, 06 Sep 2025 11:18:17 +0000
Message-id: <[🔎] handler.1112053.D1112053.17571573203954420.ackdone@bugs.debian.org>
Reply-to: 1112053@bugs.debian.org
References: <ee4c0876608d99eb3f8b333b556fbd92e7a652eb.camel@adam-barratt.org.uk> <3a2aa52-f8b9-e6ce-9af2-ac7047d68628@alteholz.de>

Your message dated Sat, 06 Sep 2025 12:14:50 +0100
with message-id <ee4c0876608d99eb3f8b333b556fbd92e7a652eb.camel@adam-barratt.org.uk>
and subject line Closing p-u requests for fixes included in 12.12
has caused the Debian Bug report #1112053,
regarding bookworm-pu: golang-github-gin-contrib-cors/1.4.0-1+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1112053: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112053
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Subject: bookworm-pu: golang-github-gin-contrib-cors/1.4.0-1+deb12u1
From: Thorsten Alteholz <debian@alteholz.de>
Date: Mon, 25 Aug 2025 17:16:25 +0000 (UTC)
Message-id: <3a2aa52-f8b9-e6ce-9af2-ac7047d68628@alteholz.de>

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu

The attached debdiff for golang-github-gin-contrib-cor fixesCVE-2019-25211 in Bookworm. The CVE is marked as no-dsa by thesecurity team.

golang-github-gin-contrib-cor is a leaf package with no rdeps withinDebian and the fix was already done by upstream a few years ago.

There should be not much hassle with this fix.

  Thorsten

diff -Nru golang-github-gin-contrib-cors-1.4.0/debian/changelog golang-github-gin-contrib-cors-1.4.0/debian/changelog
--- golang-github-gin-contrib-cors-1.4.0/debian/changelog	2022-12-03 10:49:55.000000000 +0100
+++ golang-github-gin-contrib-cors-1.4.0/debian/changelog	2025-08-25 14:49:55.000000000 +0200
@@ -1,3 +1,10 @@
+golang-github-gin-contrib-cors (1.4.0-1+deb12u1) bookworm; urgency=medium
+
+  * CVE-2019-25211
+    fix handling of wildcards
+
+ -- Thorsten Alteholz <debian@alteholz.de>  Mon, 25 Aug 2025 14:49:55 +0200
+
 golang-github-gin-contrib-cors (1.4.0-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru golang-github-gin-contrib-cors-1.4.0/debian/patches/CVE-2019-25211.patch golang-github-gin-contrib-cors-1.4.0/debian/patches/CVE-2019-25211.patch
--- golang-github-gin-contrib-cors-1.4.0/debian/patches/CVE-2019-25211.patch	1970-01-01 01:00:00.000000000 +0100
+++ golang-github-gin-contrib-cors-1.4.0/debian/patches/CVE-2019-25211.patch	2025-08-25 14:49:55.000000000 +0200
@@ -0,0 +1,22 @@
+From 27b723a473efd80d5a498fa9f5933c80204c850d Mon Sep 17 00:00:00 2001
+From: Benjamin Mitzkus <b.mitzkus@gmx.de>
+Date: Wed, 6 Mar 2024 06:28:12 +0100
+Subject: [PATCH] fixe(domain): wildcard parse bug (#106)
+
+---
+ cors.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: golang-github-gin-contrib-cors-1.4.0/cors.go
+===================================================================
+--- golang-github-gin-contrib-cors-1.4.0.orig/cors.go	2025-08-25 16:03:59.883858578 +0200
++++ golang-github-gin-contrib-cors-1.4.0/cors.go	2025-08-25 16:03:59.883858578 +0200
+@@ -132,7 +132,7 @@
+ 			continue
+ 		}
+ 		if i == (len(o) - 1) {
+-			wRules = append(wRules, []string{o[:i-1], "*"})
++			wRules = append(wRules, []string{o[:i], "*"})
+ 			continue
+ 		}
+ 
diff -Nru golang-github-gin-contrib-cors-1.4.0/debian/patches/series golang-github-gin-contrib-cors-1.4.0/debian/patches/series
--- golang-github-gin-contrib-cors-1.4.0/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ golang-github-gin-contrib-cors-1.4.0/debian/patches/series	2025-08-25 14:49:55.000000000 +0200
@@ -0,0 +1 @@
+CVE-2019-25211.patch

--- End Message ---

--- Begin Message ---

To: 1086622-done@bugs.debian.org, 1098225-done@bugs.debian.org, 1098229-done@bugs.debian.org, 1098783-done@bugs.debian.org, 1100607-done@bugs.debian.org, 1100960-done@bugs.debian.org, 1101144-done@bugs.debian.org, 1102091-done@bugs.debian.org, 1102675-done@bugs.debian.org, 1102752-done@bugs.debian.org, 1103926-done@bugs.debian.org, 1103927-done@bugs.debian.org, 1104028-done@bugs.debian.org, 1104154-done@bugs.debian.org, 1104821-done@bugs.debian.org, 1104874-done@bugs.debian.org, 1104882-done@bugs.debian.org, 1105009-done@bugs.debian.org, 1105113-done@bugs.debian.org, 1105816-done@bugs.debian.org, 1105888-done@bugs.debian.org, 1105957-done@bugs.debian.org, 1105971-done@bugs.debian.org, 1105996-done@bugs.debian.org, 1106300-done@bugs.debian.org, 1106328-done@bugs.debian.org, 1106348-done@bugs.debian.org, 1106536-done@bugs.debian.org, 1106721-done@bugs.debian.org, 1106756-done@bugs.debian.org, 1106761-done@bugs.debian.org, 1106867-done@bugs.debian.org, 1107069-done@bugs.debian.org, 1107116-done@bugs.debian.org, 1107147-done@bugs.debian.org, 1107217-done@bugs.debian.org, 1107252-done@bugs.debian.org, 1107253-done@bugs.debian.org, 1107568-done@bugs.debian.org, 1107852-done@bugs.debian.org, 1107902-done@bugs.debian.org, 1108122-done@bugs.debian.org, 1108127-done@bugs.debian.org, 1108137-done@bugs.debian.org, 1108185-done@bugs.debian.org, 1108308-done@bugs.debian.org, 1108353-done@bugs.debian.org, 1108504-done@bugs.debian.org, 1108508-done@bugs.debian.org, 1108543-done@bugs.debian.org, 1108548-done@bugs.debian.org, 1108921-done@bugs.debian.org, 1109012-done@bugs.debian.org, 1109034-done@bugs.debian.org, 1109084-done@bugs.debian.org, 1109087-done@bugs.debian.org, 1109095-done@bugs.debian.org, 1109127-done@bugs.debian.org, 1109147-done@bugs.debian.org, 1109207-done@bugs.debian.org, 1109545-done@bugs.debian.org, 1109611-done@bugs.debian.org, 1109763-done@bugs.debian.org, 1109819-done@bugs.debian.org, 1109943-done@bugs.debian.org, 1109945-done@bugs.debian.org, 1109947-done@bugs.debian.org, 1109995-done@bugs.debian.org, 1110034-done@bugs.debian.org, 1110080-done@bugs.debian.org, 1110114-done@bugs.debian.org, 1110340-done@bugs.debian.org, 1110489-done@bugs.debian.org, 1110643-done@bugs.debian.org, 1110686-done@bugs.debian.org, 1110813-done@bugs.debian.org, 1111034-done@bugs.debian.org, 1111076-done@bugs.debian.org, 1111426-done@bugs.debian.org, 1111486-done@bugs.debian.org, 1111600-done@bugs.debian.org, 1111607-done@bugs.debian.org, 1111653-done@bugs.debian.org, 1111666-done@bugs.debian.org, 1111835-done@bugs.debian.org, 1111859-done@bugs.debian.org, 1111924-done@bugs.debian.org, 1111959-done@bugs.debian.org, 1111966-done@bugs.debian.org, 1111969-done@bugs.debian.org, 1111987-done@bugs.debian.org, 1111989-done@bugs.debian.org, 1112039-done@bugs.debian.org, 1112053-done@bugs.debian.org, 1112070-done@bugs.debian.org, 1112074-done@bugs.debian.org, 1112124-done@bugs.debian.org, 1112129-done@bugs.debian.org, 1112141-done@bugs.debian.org, 1112195-done@bugs.debian.org, 1112239-done@bugs.debian.org, 1112252-done@bugs.debian.org, 1112340-done@bugs.debian.org, 1112347-done@bugs.debian.org, 1112368-done@bugs.debian.org, 1112449-done@bugs.debian.org, 1112459-done@bugs.debian.org, 1112467-done@bugs.debian.org, 1112542-done@bugs.debian.org

Subject: Closing p-u requests for fixes included in 12.12

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Date: Sat, 06 Sep 2025 12:14:50 +0100

Message-id: <ee4c0876608d99eb3f8b333b556fbd92e7a652eb.camel@adam-barratt.org.uk>
Package: release.debian.org
Version: 12.12

Hi,

Each of the updates referenced by these requests was included in
today's 12.12 point release for bookworm.

Regards,

Adam
--- End Message ---

Reply to:

Prev by Date: Bug#1112039: marked as done (bookworm-pu: package firebird3.0/3.0.11.33637.ds4-2+deb12u1)
Next by Date: Bug#1112070: marked as done (bookworm-pu: package gst-plugins-good1.0/1.22.0-5+deb12u3)
Previous by thread: Bug#1112039: marked as done (bookworm-pu: package firebird3.0/3.0.11.33637.ds4-2+deb12u1)
Next by thread: Bug#1112070: marked as done (bookworm-pu: package gst-plugins-good1.0/1.22.0-5+deb12u3)
Index(es):
- Date
- Thread