-
golang-1.22 (1.22.4-1) unstable; urgency=medium
* Team upload
* New upstream version 1.22.4
+ CVE-2024-24789: archive/zip: mishandling of corrupt central directory
record
+ CVE-2024-24790: net/netip: unexpected behavior from Is methods for
IPv4-mapped IPv6 addresses
-- Shengjing Zhu <email address hidden> Wed, 05 Jun 2024 07:31:05 +0800
-
golang-1.22 (1.22.3-1) unstable; urgency=medium
* Team upload
* New upstream version 1.22.3
+ CVE-2024-24788: net: malformed DNS message can cause infinite loop
-- Shengjing Zhu <email address hidden> Wed, 08 May 2024 17:11:30 +0800
-
golang-1.22 (1.22.2-2) unstable; urgency=medium
* Team upload
* Skip flaky TestCrashDumpsAllThreads on s390x (LP: #2061742)
https://github.com/golang/go/issues/64650
-- Shengjing Zhu <email address hidden> Tue, 16 Apr 2024 16:13:31 +0800
-
golang-1.22 (1.22.2-1) unstable; urgency=medium
* Team upload
* New upstream version 1.22.2
+ CVE-2023-45288: http2: close connections when receiving too many headers
* Revert "Backport patch to fix external link on riscv64" (applied in 1.22.2)
-- Shengjing Zhu <email address hidden> Thu, 04 Apr 2024 04:23:15 +0800
-
golang-1.22 (1.22.1-1) unstable; urgency=medium
* Team upload
* New upstream version 1.22.1
+ CVE-2024-24783: crypto/x509: Verify panics on certificates with an
unknown public key algorithm
+ CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm
+ CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of
sensitive headers and cookies on HTTP redirect
+ CVE-2024-24785: html/template: errors returned from MarshalJSON methods
may break template escaping
+ CVE-2024-24784: net/mail: comments in display names are incorrectly
handled
* Update upstream signing key
* Backport patch to fix external link on riscv64 (Closes: #1065368)
-- Shengjing Zhu <email address hidden> Wed, 06 Mar 2024 15:09:10 +0800
-
golang-1.22 (1.22.0-2) unstable; urgency=medium
* Team upload
* Skip flaky TestCrashDumpsAllThreads on mips64le
-- Shengjing Zhu <email address hidden> Mon, 26 Feb 2024 17:08:17 +0800
-
golang-1.22 (1.22.0-1) unstable; urgency=medium
* Team upload
* New upstream version 1.22.0
-- Shengjing Zhu <email address hidden> Wed, 21 Feb 2024 16:57:04 +0800
-
golang-1.22 (1.22~rc2-1) unstable; urgency=medium
* Team upload
* New upstream version 1.22~rc2
* Bump bootstrap Go to 1.20.
See https://github.com/golang/go/issues/54265
gccgo only implements Go 1.18 and can't bootstrap Go 1.22 now.
* Revert "Skip TestUser{Cache,Config}Dir when HOME is not writable"
This reverts commit 5e8f93837a5d73a391fbbc278a34e5a89f84ca9b.
Fixed by upstream https://github.com/golang/go/issues/64990
-- Shengjing Zhu <email address hidden> Tue, 30 Jan 2024 17:15:39 +0800
-
golang-1.22 (1.22~rc1-2) unstable; urgency=medium
* Skip TestUser{Cache,Config}Dir when HOME is not writable
-- Shengjing Zhu <email address hidden> Sat, 06 Jan 2024 21:26:23 +0800
-
golang-1.22 (1.22~rc1-1) unstable; urgency=medium
* Team upload
* New upstream version 1.22rc1
* Build loong64 binaries (Closes: #1055087)
* Avoid downloading a newer toolchain when bootstrap
-- Shengjing Zhu <email address hidden> Thu, 04 Jan 2024 17:22:48 +0800
