Publishing details
Changelog
golang-1.21 (1.21.1-1~ubuntu20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: denial of service issue
- debian/patches/CVE-2023-45288.patch: update bundled golang.org/x/net/http2
- CVE-2023-45288
* SECURITY UPDATE: leak sensitive information
- debian/patches/CVE-2023-45289.patch: net/http, net/http/cookiejar:
avoid subdomain matches on IPv6 zones
- CVE-2023-45289
* SECURITY UPDATE: denial of service issue
- debian/patches/CVE-2023-45290.patch: net/textproto, mime/multipart:
avoid unbounded read in MIME header
- CVE-2023-45290
* SECURITY UPDATE: panic on unknown public key algorithm
- debian/patches/CVE-2024-24783.patch: crypto/x509: make sure pub key
is non-nil before interface conversion
- CVE-2024-24783
* SECURITY UPDATE: panic on handling special characters
- debian/patches/CVE-2024-24784.patch: net/mail: properly handle
special characters in phrase and obs-phrase
- CVE-2024-24784
* SECURITY UPDATE: template injection issue
- debian/patches/CVE-2024-24785.patch: html/template: escape additional
tokens in MarshalJSON errors
- CVE-2024-24785
* SECURITY UPDATE: denial of service issue
- debian/patches/CVE-2024-24789.patch: archive/zip: treat truncated
EOCDR comment as an error
- debian/source/include-binaries: Add zip testdata file
- CVE-2024-24789
* SECURITY UPDATE: incorrect IPv4-mapped IPv6 addresses issue
- debian/patches/CVE-2024-24790.patch: net/netip: check if address is
v6 mapped in Is methods
- CVE-2024-24790
-- Nishit Majithia <email address hidden> Mon, 08 Jul 2024 17:38:50 +0530
Builds
Built packages
-
golang-1.21
Go programming language compiler - metapackage
-
golang-1.21-doc
Go programming language - documentation
-
golang-1.21-go
Go programming language compiler, linker, compiled stdlib
-
golang-1.21-src
Go programming language - source files
Package files