Change log for golang-1.20 package in Debian
| 1 → 20 of 20 results | First • Previous • Next • Last |
golang-1.20 (1.20.14-2) unstable; urgency=medium * Team upload * Skip flaky TestCrashDumpsAllThreads on mips64le -- Shengjing Zhu <email address hidden> Mon, 26 Feb 2024 17:14:19 +0800
Available diffs
- diff from 1.20.14-1 to 1.20.14-2 (857 bytes)
golang-1.20 (1.20.14-1) unstable; urgency=medium * Team upload * New upstream version 1.20.14 -- Shengjing Zhu <email address hidden> Wed, 21 Feb 2024 16:32:56 +0800
Available diffs
- diff from 1.20.13-1 to 1.20.14-1 (11.8 KiB)
golang-1.20 (1.20.13-1) unstable; urgency=medium * Team upload * New upstream version 1.20.13 -- Shengjing Zhu <email address hidden> Thu, 11 Jan 2024 18:47:27 +0800
Available diffs
- diff from 1.20.12-1 to 1.20.13-1 (9.6 KiB)
golang-1.20 (1.20.12-1) unstable; urgency=medium
* Team upload.
* New upstream version 1.20.12
+ CVE-2023-39326: net/http: limit chunked data overhead
+ CVE-2023-45285: cmd/go: go get may unexpectedly fallback to insecure git
+ CVE-2023-45283: path/filepath: retain trailing \ when cleaning paths
like \\?\c:\
-- Shengjing Zhu <email address hidden> Wed, 06 Dec 2023 15:36:27 +0800
Available diffs
- diff from 1.20.11-1 to 1.20.12-1 (4.8 KiB)
golang-1.20 (1.20.11-1) unstable; urgency=medium
* Team upload.
* New upstream version 1.20.11
+ CVE-2023-45283: path/filepath: recognize \??\ as a Root Local Device
path prefix.
+ CVE-2023-45284: path/filepath: recognize device names with trailing
spaces and superscripts.
-- Shengjing Zhu <email address hidden> Wed, 08 Nov 2023 03:42:23 +0800
Available diffs
- diff from 1.20.10-1 to 1.20.11-1 (7.3 KiB)
golang-1.20 (1.20.10-1) unstable; urgency=medium
* Team upload.
* New upstream version 1.20.10
+ CVE-2023-44487/CVE-2023-39325: net/http: rapid stream resets can cause
excessive work
-- Shengjing Zhu <email address hidden> Wed, 11 Oct 2023 14:49:01 +0800
Available diffs
- diff from 1.20.8-1 to 1.20.10-1 (3.7 KiB)
golang-1.20 (1.20.9-1) unstable; urgency=medium
* Team upload.
* New upstream version 1.20.9
+ CVE-2023-39323: cmd/go: line directives allows arbitrary execution during
build
-- Shengjing Zhu <email address hidden> Fri, 06 Oct 2023 19:40:40 +0800
golang-1.20 (1.20.8-1) unstable; urgency=medium
* Team upload.
* New upstream version 1.20.8
+ CVE-2023-39318: html/template: improper handling of HTML-like comments
within script contexts
+ CVE-2023-39319: html/template: improper handling of special tags within
script contexts
-- Shengjing Zhu <email address hidden> Thu, 07 Sep 2023 11:58:16 +0800
Available diffs
- diff from 1.20.7-1 to 1.20.8-1 (31.4 KiB)
golang-1.20 (1.20.7-1) unstable; urgency=medium
* Team upload
* New upstream version 1.20.7
+ CVE-2023-29409: crypto/tls: restrict RSA keys in certificates
to <= 8192 bits
-- Shengjing Zhu <email address hidden> Wed, 02 Aug 2023 11:30:27 +0800
Available diffs
- diff from 1.20.6-1 to 1.20.7-1 (6.1 KiB)
| Deleted in experimental-release (Reason: None provided.) |
| Published in sid-release |
golang-1.20 (1.20.6-1) unstable; urgency=medium
* Team upload
* New upstream version 1.20.6
+ CVE-2023-29406: net/http: insufficient sanitization of Host header
* Add autopkgtest
-- Shengjing Zhu <email address hidden> Wed, 12 Jul 2023 13:34:53 +0800
Available diffs
- diff from 1.20.5-1 to 1.20.6-1 (20.1 KiB)
| Deleted in experimental-release (Reason: None provided.) |
| Superseded in sid-release |
golang-1.20 (1.20.5-1) unstable; urgency=medium
* Team upload
* New upstream version 1.20.5
+ CVE-2023-29402: cmd/go: cgo code injection
+ CVE-2023-29403: runtime: unexpected behavior of setuid/setgid binaries
+ CVE-2023-29404/CVE-2023-29405: cmd/go: improper sanitization of LDFLAGS
-- Shengjing Zhu <email address hidden> Wed, 07 Jun 2023 12:05:11 +0800
Available diffs
- diff from 1.20.4-1 to 1.20.5-1 (21.3 KiB)
golang-1.20 (1.20.4-1) unstable; urgency=medium
* Team upload
* New upstream version 1.20.4
+ CVE-2023-24539: html/template: improper sanitization of CSS values
+ CVE-2023-24540: html/template: improper handling of JavaScript whitespace
+ CVE-2023-29400: html/template: improper handling of empty HTML attributes
-- Shengjing Zhu <email address hidden> Wed, 03 May 2023 14:56:49 +0800
Available diffs
- diff from 1.20.3-1 to 1.20.4-1 (17.5 KiB)
golang-1.20 (1.20.3-1) unstable; urgency=medium
* Team upload
* New upstream version 1.20.3
+ CVE-2023-24537: go/parser: infinite loop in parsing
+ CVE-2023-24538: html/template: backticks not treated as string delimiters
+ CVE-2023-24534: net/http, net/textproto: denial of service from excessive
memory allocation
+ CVE-2023-24536: net/http, net/textproto, mime/multipart: denial of
service from excessive resource consumption
-- Shengjing Zhu <email address hidden> Wed, 05 Apr 2023 02:04:08 +0800
Available diffs
- diff from 1.20.2-1 to 1.20.3-1 (24.1 KiB)
golang-1.20 (1.20.2-1) unstable; urgency=medium
* Team upload
* New upstream version 1.20.2
+ CVE-2023-24532: crypto/elliptic: incorrect P-256 ScalarMult and
ScalarBaseMult results
-- Shengjing Zhu <email address hidden> Wed, 08 Mar 2023 13:57:35 +0800
Available diffs
- diff from 1.20.1-1 to 1.20.2-1 (30.6 KiB)
golang-1.20 (1.20.1-1) unstable; urgency=medium
* Team upload
* New upstream version 1.20.1
+ CVE-2022-41722: path/filepath: path traversal in filepath.Clean on
Windows
+ CVE-2022-41725: net/http, mime/multipart: denial of service from
excessive resource consumption
+ CVE-2022-41724: crypto/tls: large handshake records may cause panics
+ CVE-2022-41723: net/http: avoid quadratic complexity in HPACK decoding
-- Shengjing Zhu <email address hidden> Wed, 15 Feb 2023 09:53:55 +0800
Available diffs
- diff from 1.20-1 to 1.20.1-1 (26.9 KiB)
golang-1.20 (1.20-1) unstable; urgency=medium
* Team upload
* New upstream release 1.20
* Remove patches applied upstream:
- d/patches/0005-Revert-internal-fsys-follow-root-symlink-in-fsys.Wal.patch
- d/patches/0006-time-revert-strict-parsing-of-RFC-3339.patch
-- Michael Hudson-Doyle <email address hidden> Thu, 02 Feb 2023 13:54:15 +1300
Available diffs
- diff from 1.20~rc3-2 to 1.20-1 (21.2 KiB)
| Superseded in sid-release |
golang-1.20 (1.20~rc3-2) unstable; urgency=medium
* Team upload
* Revert strict parsing of RFC 3339.
See https://github.com/golang/go/issues/54580
-- Shengjing Zhu <email address hidden> Thu, 19 Jan 2023 16:45:22 +0800
Available diffs
- diff from 1.20~rc3-1 to 1.20~rc3-2 (2.4 KiB)
| Superseded in sid-release |
golang-1.20 (1.20~rc3-1) unstable; urgency=medium
[ William 'jawn-smith' Wilson ]
* New upstream version 1.20 rc3
[ Shengjing Zhu ]
* Drop 0005-syscall-skip-TestUseCgroupFD-if-cgroupfs-not-mounted.patch,
merged in new version.
-- Shengjing Zhu <email address hidden> Fri, 13 Jan 2023 09:51:55 +0800
Available diffs
- diff from 1.20~rc2-2 to 1.20~rc3-1 (23.2 KiB)
| Superseded in sid-release |
golang-1.20 (1.20~rc2-2) unstable; urgency=medium
* Team upload
* Add NO_PNG_PKG_MANGLE to prevent mangling testdata.
This is Ubuntu specific behaviour so they can sync the package without
vendor patch.
* Revert "internal/fsys: follow root symlink in fsys.Walk"
Fix https://github.com/golang/go/issues/57754
-- Shengjing Zhu <email address hidden> Thu, 12 Jan 2023 22:27:08 +0800
Available diffs
- diff from 1.20~rc2-1 to 1.20~rc2-2 (2.4 KiB)
| Superseded in sid-release |
golang-1.20 (1.20~rc2-1) unstable; urgency=medium
* Team upload
* New upstream version 1.20~rc2
* Bump bootstrap Go to 1.17.
See https://github.com/golang/go/issues/44505
* Drop i386 bootstrap workaround with Go < 1.16
* Add patch to skip TestUseCgroupFD for schroot
* Update Standards-Version to 4.6.2 (no changes)
* $GOROOT/pkg no longer stores pre-compiled package archives for the standard library
* Make all scripts in src directory executable. To silence lintian.
* Refresh lintian overrides
-- Shengjing Zhu <email address hidden> Thu, 05 Jan 2023 16:01:28 +0800
| 1 → 20 of 20 results | First • Previous • Next • Last |
