golang-1.18 1.18.1-1ubuntu1~20.04.3 source package in Ubuntu

Changelog

golang-1.18 (1.18.1-1ubuntu1~20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: Code Injection, XSS, Denial of Service
    - debian/patches/CVE-2022-41723.patch: net/http: update bundled
      golang.org/x/net/http2
    - debian/patches/CVE-2022-41724.patch: crypto/tls: replace all
      usages of BytesOrPanic
    - debian/patches/CVE-2022-41725.patch: mime/multipart: limit
      memory/inode consumption of ReadForm
    - debian/patches/CVE-2023-24531.patch: cmd/go: sanitize go env
      outputs
    - debian/patches/CVE-2023-24536.patch: mime/multipart: limit parsed
      mime message sizes
    - debian/patches/CVE-2023-29402.patch: cmd/go: disallow package
      directories containing newlines
    - debian/patches/CVE-2023-29403.patch: runtime: implement SUID/SGID
      protections
    - debian/patches/CVE-2023-29404.patch: cmd/go: enforce flags with
      non-optional arguments
    - debian/patches/CVE-2023-29405-1.patch: cmd/go,cmd/cgo: in
      _cgo_flags use one line per flag
    - debian/patches/CVE-2023-29405-2.patch: cmd/cgo: correct
      _cgo_flags output
    - debian/patches/CVE-2023-29406.patch: net/http: validate Host
      header before sending
    - debian/patches/CVE-2023-39318.patch: html/template: support
      HTML-like comments in script contexts
    - debian/patches/CVE-2023-39319.patch: html/template: properly
      handle special tags within the script context
    - debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute
      file name in isCgo check
    - debian/patches/CVE-2023-39325.patch: net/http: regenerate
      h2_bundle.go
    - debian/patches/CVE-2023-45288.patch: net/http: update bundled
      golang.org/x/net/http2
    - debian/patches/CVE-2023-45290.patch: net/textproto,
      mime/multipart: avoid unbounded read in MIME header
    - debian/patches/CVE-2024-24783.patch: crypto/x509: make sure pub
      key is non-nil before interface conversion
    - debian/patches/CVE-2024-24784.patch: net/mail: properly handle
      special characters in phrase and obs-phrase
    - debian/patches/CVE-2024-24785.patch: html/template: escape
      additional tokens in MarshalJSON errors
    - debian/patches/CVE-2024-24789.patch: archive/zip: treat truncated
      EOCDR comment as an error
    - debian/patches/CVE-2024-24790.patch: net/netip: check if address
      is v6 mapped in Is methods
    - debian/patches/CVE-2024-24791.patch: net/http: send body or close
      connection on expect-100-continue requests
    - debian/patches/CVE-2024-34155.patch: go/parser: track depth in
      nested element lists
    - debian/patches/CVE-2024-34156.patch: encoding/gob: cover missed
      cases when checking ignore depth
    - debian/patches/CVE-2024-34158.patch: go/build/constraint: add
      parsing limits
    - CVE-2022-41723
    - CVE-2022-41724
    - CVE-2022-41725
    - CVE-2023-24531
    - CVE-2023-24536
    - CVE-2023-29402
    - CVE-2023-29403
    - CVE-2023-29404
    - CVE-2023-29405
    - CVE-2023-29406
    - CVE-2023-39318
    - CVE-2023-39319
    - CVE-2023-39323
    - CVE-2023-39325
    - CVE-2023-45288
    - CVE-2023-45290
    - CVE-2024-24783
    - CVE-2024-24784
    - CVE-2024-24785
    - CVE-2024-24789
    - CVE-2024-24790
    - CVE-2024-24791
    - CVE-2024-34155
    - CVE-2024-34156
    - CVE-2024-34158
  * debian/patches/0008-backport-syscall-package-2.patch,
    debian/patches/0009-backport-syscall-package-3.patch,
    debian/patches/0010-backport-syscall-package-4.patch,
    debian/patches/0011-backport-syscall-package-5.patch,
    debian/patches/0012-backport-syscall-package-6.patch: backport
    syscall package for the fix for CVE-2023-29403 from upstream.
  * debian/source/include-binaries:
    src/archive/zip/testdata/comment-truncated.zip for CVE-2024-24789

 -- Allen Huang <email address hidden>  Thu, 07 Nov 2024 11:03:46 +0000

Upload details

Uploaded by:
Allen Huang
Uploaded to:
Focal
Original maintainer:
Ubuntu Developers
Architectures:
amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64 ppc64el riscv64 s390x all
Section:
golang
Urgency:
Medium Urgency

Publishing

Series  Pocket    Published  Component  Section
Focal   updates              universe   golang
Focal   security             universe   golang

Downloads

File                                                Size       SHA-256 Checksum
golang-1.18_1.18.1.orig.tar.gz                      21.8 MiB   efd43e0f1402e083b73a03d444b7b6576bb4c539ac46208b63a916b69aca4088
golang-1.18_1.18.1-1ubuntu1~20.04.3.debian.tar.xz   119.5 KiB  24885e3f35359ea516ae631f6cca29ff17fc163821c3f632801a969a31d27f89
golang-1.18_1.18.1-1ubuntu1~20.04.3.dsc             2.7 KiB    d7c445cfe90747646d2e0826a046cbd5051c268b160d6c08b6bf62464f703ae8


Binary packages built by this source

golang-1.18: Go programming language compiler - metapackage

 The Go programming language is an open source project to make
 programmers more productive. Go is expressive, concise, clean, and
 efficient. Its concurrency mechanisms make it easy to write programs
 that get the most out of multicore and networked machines, while its
 novel type system enables flexible and modular program construction.
 Go compiles quickly to machine code yet has the convenience of
 garbage collection and the power of run-time reflection. It's a
 fast, statically typed, compiled language that feels like a
 dynamically typed, interpreted language.
 .
 This package is a metapackage that, when installed, guarantees
 that (most of) a full Go development environment is installed.
 .
 To use this version, instead of the default one provided by golang-go
 package, add /usr/lib/go-1.18/bin/ to PATH, or invoke /usr/lib/go-1.18/bin/go
 directly.

golang-1.18-doc: Go programming language - documentation

 The Go programming language is an open source project to make
 programmers more productive. Go is expressive, concise, clean, and
 efficient. Its concurrency mechanisms make it easy to write programs
 that get the most out of multicore and networked machines, while its
 novel type system enables flexible and modular program construction.
 Go compiles quickly to machine code yet has the convenience of
 garbage collection and the power of run-time reflection. It's a fast,
 statically typed, compiled language that feels like a dynamically
 typed, interpreted language.
 .
 This package provides the documentation for the Go programming
 language.

golang-1.18-go: Go programming language compiler, linker, compiled stdlib

 The Go programming language is an open source project to make programmers more
 productive. Go is expressive, concise, clean, and efficient. Its concurrency
 mechanisms make it easy to write programs that get the most out of multicore
 and networked machines, while its novel type system enables flexible and
 modular program construction. Go compiles quickly to machine code yet has the
 convenience of garbage collection and the power of run-time reflection. It's a
 fast, statically typed, compiled language that feels like a dynamically typed,
 interpreted language.
 .
 This package provides an assembler, compiler, linker, and compiled libraries
 for the Go programming language.
 .
 To use this version, instead of the default one provided by golang-go package,
 add /usr/lib/go-1.18/bin/ to PATH, or invoke /usr/lib/go-1.18/bin/go directly.

golang-1.18-go-dbgsym: debug symbols for golang-1.18-go

golang-1.18-src: Go programming language - source files

 The Go programming language is an open source project to make programmers more
 productive. Go is expressive, concise, clean, and efficient. Its concurrency
 mechanisms make it easy to write programs that get the most out of multicore
 and networked machines, while its novel type system enables flexible and
 modular program construction. Go compiles quickly to machine code yet has the
 convenience of garbage collection and the power of run-time reflection. It's a
 fast, statically typed, compiled language that feels like a dynamically typed,
 interpreted language.
 .
 This package provides the Go programming language source files needed for
 compilation.