Change log for golang-1.21 package in Ubuntu
| 1 → 31 of 31 results | First • Previous • Next • Last |
| Deleted in oracular-release (Reason: (From Debian) ROM; EOL; superseded by golang-1.22 & golan...) |
| Deleted in oracular-proposed (Reason: Moved to oracular) |
golang-1.21 (1.21.13-1) unstable; urgency=medium * Team upload * New upstream version 1.21.13 -- Shengjing Zhu <email address hidden> Wed, 07 Aug 2024 11:57:13 +0800
Available diffs
- diff from 1.21.12-1 to 1.21.13-1 (1.6 KiB)
golang-1.21 (1.21.9-1ubuntu0.1) noble-security; urgency=medium
* SECURITY UPDATE: denial of service issue
- debian/patches/CVE-2024-24789.patch: archive/zip: treat truncated
EOCDR comment as an error
- debian/source/include-binaries: Add zip testdata file
- CVE-2024-24789
* SECURITY UPDATE: incorrect IPv4-mapped IPv6 addresses issue
- debian/patches/CVE-2024-24790.patch: net/netip: check if address is
v6 mapped in Is methods
- CVE-2024-24790
-- Nishit Majithia <email address hidden> Mon, 08 Jul 2024 17:17:17 +0530
Available diffs
golang-1.21 (1.21.1-1~ubuntu22.04.3) jammy-security; urgency=medium
* SECURITY UPDATE: denial of service issue
- debian/patches/CVE-2023-45288.patch: update bundled golang.org/x/net/http2
- CVE-2023-45288
* SECURITY UPDATE: leak sensitive information
- debian/patches/CVE-2023-45289.patch: net/http, net/http/cookiejar:
avoid subdomain matches on IPv6 zones
- CVE-2023-45289
* SECURITY UPDATE: denial of service issue
- debian/patches/CVE-2023-45290.patch: net/textproto, mime/multipart:
avoid unbounded read in MIME header
- CVE-2023-45290
* SECURITY UPDATE: panic on unknown public key algorithm
- debian/patches/CVE-2024-24783.patch: crypto/x509: make sure pub key
is non-nil before interface conversion
- CVE-2024-24783
* SECURITY UPDATE: panic on handling special characters
- debian/patches/CVE-2024-24784.patch: net/mail: properly handle
special characters in phrase and obs-phrase
- CVE-2024-24784
* SECURITY UPDATE: template injection issue
- debian/patches/CVE-2024-24785.patch: html/template: escape additional
tokens in MarshalJSON errors
- CVE-2024-24785
* SECURITY UPDATE: denial of service issue
- debian/patches/CVE-2024-24789.patch: archive/zip: treat truncated
EOCDR comment as an error
- debian/source/include-binaries: Add zip testdata file
- CVE-2024-24789
* SECURITY UPDATE: incorrect IPv4-mapped IPv6 addresses issue
- debian/patches/CVE-2024-24790.patch: net/netip: check if address is
v6 mapped in Is methods
- CVE-2024-24790
-- Nishit Majithia <email address hidden> Mon, 08 Jul 2024 17:25:00 +0530
Available diffs
golang-1.21 (1.21.1-1~ubuntu20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: denial of service issue
- debian/patches/CVE-2023-45288.patch: update bundled golang.org/x/net/http2
- CVE-2023-45288
* SECURITY UPDATE: leak sensitive information
- debian/patches/CVE-2023-45289.patch: net/http, net/http/cookiejar:
avoid subdomain matches on IPv6 zones
- CVE-2023-45289
* SECURITY UPDATE: denial of service issue
- debian/patches/CVE-2023-45290.patch: net/textproto, mime/multipart:
avoid unbounded read in MIME header
- CVE-2023-45290
* SECURITY UPDATE: panic on unknown public key algorithm
- debian/patches/CVE-2024-24783.patch: crypto/x509: make sure pub key
is non-nil before interface conversion
- CVE-2024-24783
* SECURITY UPDATE: panic on handling special characters
- debian/patches/CVE-2024-24784.patch: net/mail: properly handle
special characters in phrase and obs-phrase
- CVE-2024-24784
* SECURITY UPDATE: template injection issue
- debian/patches/CVE-2024-24785.patch: html/template: escape additional
tokens in MarshalJSON errors
- CVE-2024-24785
* SECURITY UPDATE: denial of service issue
- debian/patches/CVE-2024-24789.patch: archive/zip: treat truncated
EOCDR comment as an error
- debian/source/include-binaries: Add zip testdata file
- CVE-2024-24789
* SECURITY UPDATE: incorrect IPv4-mapped IPv6 addresses issue
- debian/patches/CVE-2024-24790.patch: net/netip: check if address is
v6 mapped in Is methods
- CVE-2024-24790
-- Nishit Majithia <email address hidden> Mon, 08 Jul 2024 17:38:50 +0530
Available diffs
golang-1.21 (1.21.12-1) unstable; urgency=medium
* Team upload
* New upstream version 1.21.12
+ CVE-2024-24791: net/http: denial of service due to improper 100-continue
handling
-- Shengjing Zhu <email address hidden> Wed, 03 Jul 2024 16:04:00 +0800
Available diffs
- diff from 1.21.11-1 to 1.21.12-1 (9.2 KiB)
golang-1.21 (1.21.11-1) unstable; urgency=medium
* Team upload
* New upstream version 1.21.11
+ CVE-2024-24789: archive/zip: mishandling of corrupt central directory
record
+ CVE-2024-24790: net/netip: unexpected behavior from Is methods for
IPv4-mapped IPv6 addresses
-- Shengjing Zhu <email address hidden> Wed, 05 Jun 2024 07:29:58 +0800
Available diffs
- diff from 1.21.10-1 to 1.21.11-1 (10.5 KiB)
golang-1.21 (1.21.10-1) unstable; urgency=medium
* Team upload
* New upstream version 1.21.10
+ CVE-2024-24788: net: malformed DNS message can cause infinite loop
-- Shengjing Zhu <email address hidden> Wed, 08 May 2024 17:13:11 +0800
Available diffs
- diff from 1.21.9-1 to 1.21.10-1 (3.1 KiB)
| Superseded in oracular-release |
| Published in noble-release |
| Superseded in noble-release |
| Deleted in noble-proposed (Reason: Moved to noble) |
golang-1.21 (1.21.9-1) unstable; urgency=medium
* Team upload
* New upstream version 1.21.9
+ CVE-2023-45288: http2: close connections when receiving too many headers
-- Shengjing Zhu <email address hidden> Thu, 04 Apr 2024 04:16:59 +0800
Available diffs
golang-1.21 (1.21.8-1build1) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- William Grant <email address hidden> Mon, 01 Apr 2024 16:58:25 +1100
Available diffs
- diff from 1.21.8-1 (in Debian) to 1.21.8-1build1 (554 bytes)
golang-1.21 (1.21.8-1) unstable; urgency=medium
* Team upload
* New upstream version 1.21.8
+ CVE-2024-24783: crypto/x509: Verify panics on certificates with an
unknown public key algorithm
+ CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm
+ CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of
sensitive headers and cookies on HTTP redirect
+ CVE-2024-24785: html/template: errors returned from MarshalJSON methods
may break template escaping
+ CVE-2024-24784: net/mail: comments in display names are incorrectly
handled
* Update upstream signing key
-- Shengjing Zhu <email address hidden> Wed, 06 Mar 2024 15:14:10 +0800
Available diffs
- diff from 1.21.7-2 to 1.21.8-1 (28.2 KiB)
golang-1.21 (1.21.7-2) unstable; urgency=medium * Team upload * Skip flaky TestCrashDumpsAllThreads on mips64le -- Shengjing Zhu <email address hidden> Mon, 26 Feb 2024 17:13:31 +0800
Available diffs
- diff from 1.21.7-1 to 1.21.7-2 (751 bytes)
| Deleted in noble-updates (Reason: superseded by release) |
| Superseded in noble-release |
| Deleted in noble-proposed (Reason: Moved to noble) |
golang-1.21 (1.21.7-1) unstable; urgency=medium * Team upload * New upstream version 1.21.7 -- Shengjing Zhu <email address hidden> Wed, 21 Feb 2024 16:35:15 +0800
Available diffs
- diff from 1.21.6-1 to 1.21.7-1 (21.6 KiB)
golang-1.21 (1.21.6-1) unstable; urgency=medium * Team upload * New upstream version 1.21.6 -- Shengjing Zhu <email address hidden> Thu, 11 Jan 2024 18:46:44 +0800
Available diffs
- diff from 1.21.5-1 to 1.21.6-1 (15.5 KiB)
golang-1.21 (1.21.1-1ubuntu0.23.10.1) mantic-security; urgency=medium
* SECURITY UPDATE: bypass directives restrictions
- debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute file
name in isCgo check
- CVE-2023-39323
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2023-39325_44487.patch: http2: limit maximum
handler goroutines to MaxConcurrentStreams
- CVE-2023-39325
- CVE-2023-44487
* SECURITY UPDATE: out-of-bound read
- debian/patches/CVE-2023-39326.patch: net/http: limit chunked data
overhead
- CVE-2023-39326
* SECURITY UPDATE: bypass secure protocol
- debian/patches/CVE-2023-45285.patch: error out if the requested repo
does not support a secure protocol
- CVE-2023-45285
-- Nishit Majithia <email address hidden> Mon, 08 Jan 2024 11:55:15 +0530
Available diffs
golang-1.21 (1.21.1-1~ubuntu23.04.2) lunar-security; urgency=medium
* SECURITY UPDATE: bypass directives restrictions
- debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute file
name in isCgo check
- CVE-2023-39323
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2023-39325_44487.patch: http2: limit maximum
handler goroutines to MaxConcurrentStreams
- CVE-2023-39325
- CVE-2023-44487
* SECURITY UPDATE: out-of-bound read
- debian/patches/CVE-2023-39326.patch: net/http: limit chunked data
overhead
- CVE-2023-39326
* SECURITY UPDATE: bypass secure protocol
- debian/patches/CVE-2023-45285.patch: error out if the requested repo
does not support a secure protocol
- CVE-2023-45285
-- Nishit Majithia <email address hidden> Mon, 08 Jan 2024 11:54:51 +0530
Available diffs
golang-1.21 (1.21.1-1~ubuntu22.04.2) jammy-security; urgency=medium
* SECURITY UPDATE: bypass directives restrictions
- debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute file
name in isCgo check
- CVE-2023-39323
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2023-39325_44487.patch: http2: limit maximum
handler goroutines to MaxConcurrentStreams
- CVE-2023-39325
- CVE-2023-44487
* SECURITY UPDATE: out-of-bound read
- debian/patches/CVE-2023-39326.patch: net/http: limit chunked data
overhead
- CVE-2023-39326
* SECURITY UPDATE: bypass secure protocol
- debian/patches/CVE-2023-45285.patch: error out if the requested repo
does not support a secure protocol
- CVE-2023-45285
-- Nishit Majithia <email address hidden> Mon, 08 Jan 2024 11:54:05 +0530
Available diffs
golang-1.21 (1.21.1-1~ubuntu20.04.2) focal-security; urgency=medium
* SECURITY UPDATE: bypass directives restrictions
- debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute file
name in isCgo check
- CVE-2023-39323
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2023-39325_44487.patch: http2: limit maximum
handler goroutines to MaxConcurrentStreams
- CVE-2023-39325
- CVE-2023-44487
* SECURITY UPDATE: out-of-bound read
- debian/patches/CVE-2023-39326.patch: net/http: limit chunked data
overhead
- CVE-2023-39326
* SECURITY UPDATE: bypass secure protocol
- debian/patches/CVE-2023-45285.patch: error out if the requested repo
does not support a secure protocol
- CVE-2023-45285
-- Nishit Majithia <email address hidden> Mon, 08 Jan 2024 11:39:58 +0530
Available diffs
golang-1.21 (1.21.5-1) unstable; urgency=medium
* Team upload
* New upstream version 1.21.5
+ CVE-2023-39326: net/http: limit chunked data overhead
+ CVE-2023-45285: cmd/go: go get may unexpectedly fallback to insecure git
+ CVE-2023-45283: path/filepath: retain trailing \ when cleaning paths
like \\?\c:\
-- Shengjing Zhu <email address hidden> Wed, 06 Dec 2023 15:32:23 +0800
Available diffs
- diff from 1.21.4-1 to 1.21.5-1 (17.4 KiB)
golang-1.21 (1.21.4-1) unstable; urgency=medium
* Team upload
* New upstream version 1.21.4
+ CVE-2023-45283: path/filepath: recognize \??\ as a Root Local Device
path prefix.
+ CVE-2023-45284: path/filepath: recognize device names with trailing
spaces and superscripts.
-- Shengjing Zhu <email address hidden> Wed, 08 Nov 2023 03:40:30 +0800
Available diffs
- diff from 1.21.3-1 to 1.21.4-1 (10.9 KiB)
golang-1.21 (1.21.1-1~ubuntu20.04.1) focal; urgency=medium * Backport to Focal (LP: #2040269) * d/control{,.in}: downgrade debhelper compat level to 12 * Build with Go 1.18 + d/control{,.in}: use golang-1.18-go in Build-Depends + d/rules: use /usr/lib/go-1.18/bin/go to set GOROOT_BOOTSTRAP path -- Shengjing Zhu <email address hidden> Wed, 25 Oct 2023 16:21:36 +0800
Available diffs
golang-1.21 (1.21.1-1~ubuntu22.04.1) jammy; urgency=medium * Backport to Jammy (LP: #2040269) -- Shengjing Zhu <email address hidden> Wed, 25 Oct 2023 16:18:08 +0800
Available diffs
golang-1.21 (1.21.1-1~ubuntu23.04.1) lunar; urgency=medium * Backport to Lunar (LP: #2040269) -- Shengjing Zhu <email address hidden> Wed, 25 Oct 2023 16:16:02 +0800
Available diffs
golang-1.21 (1.21.3-1) unstable; urgency=medium
* Team upload
* New upstream version 1.21.3
+ CVE-2023-44487/CVE-2023-39325: net/http: rapid stream resets can cause
excessive work
-- Shengjing Zhu <email address hidden> Wed, 11 Oct 2023 14:53:53 +0800
Available diffs
- diff from 1.21.1-1 to 1.21.3-1 (8.8 KiB)
| Superseded in noble-release |
| Published in mantic-release |
| Deleted in mantic-proposed (Reason: Moved to mantic) |
golang-1.21 (1.21.1-1) unstable; urgency=medium
* Team upload
* New upstream version 1.21.1
+ CVE-2023-39320: cmd/go: go.mod toolchain directive allows arbitrary
execution
+ CVE-2023-39318: html/template: improper handling of HTML-like comments
within script contexts
+ CVE-2023-39319: html/template: improper handling of special tags within
script contexts
+ CVE-2023-39321/CVE-2023-39322: crypto/tls: panic when processing
post-handshake message on QUIC connections
-- Shengjing Zhu <email address hidden> Thu, 07 Sep 2023 11:51:55 +0800
Available diffs
- diff from 1.21.0-1 to 1.21.1-1 (63.0 KiB)
| Superseded in mantic-release |
| Superseded in mantic-release |
| Deleted in mantic-proposed (Reason: Moved to mantic) |
golang-1.21 (1.21.0-1) unstable; urgency=medium * Team upload * New upstream version 1.21.0 -- Shengjing Zhu <email address hidden> Wed, 09 Aug 2023 14:40:00 +0800
Available diffs
- diff from 1.21~rc4-1 to 1.21.0-1 (3.5 KiB)
golang-1.21 (1.21~rc4-1) unstable; urgency=medium * Team upload * New upstream version 1.21~rc4 -- Shengjing Zhu <email address hidden> Thu, 03 Aug 2023 15:15:53 +0800
Available diffs
- diff from 1.21~rc3-2 to 1.21~rc4-1 (39.0 KiB)
golang-1.21 (1.21~rc3-2) unstable; urgency=medium
* Team upload
* Add Breaks+Replaces golang-1.21-go (<< 1.21~rc3) on golang-1.21-src
src/internal/platform/zosarch.go move from golang-1.21-go to
golang-1.21-src (Closes: #1041412)
-- Shengjing Zhu <email address hidden> Wed, 19 Jul 2023 16:12:19 +0800
Available diffs
- diff from 1.21~rc3-1 to 1.21~rc3-2 (581 bytes)
golang-1.21 (1.21~rc3-1) unstable; urgency=medium * Team upload * New upstream version 1.21~rc3 -- Shengjing Zhu <email address hidden> Mon, 17 Jul 2023 15:20:39 +0800
Available diffs
- diff from 1.21~rc2-2 to 1.21~rc3-1 (88.8 KiB)
golang-1.21 (1.21~rc2-2) unstable; urgency=medium * Team upload * Add autopkgtest -- Shengjing Zhu <email address hidden> Thu, 29 Jun 2023 16:33:35 +0800
Available diffs
- diff from 1.21~rc2-1 to 1.21~rc2-2 (701 bytes)
golang-1.21 (1.21~rc2-1) unstable; urgency=medium * Team upload * New upstream version 1.21~rc2 -- Shengjing Zhu <email address hidden> Thu, 22 Jun 2023 14:53:06 +0800
Available diffs
- diff from 1.21~rc1-1 to 1.21~rc2-1 (14.6 KiB)
golang-1.21 (1.21~rc1-1) unstable; urgency=medium
* Team upload
* New upstream version 1.21rc1
* Install go.env in GOROOT
* Drop patches
+ 0001-Disable-test-for-UserHomeDir.patch.
Now the test doesn't fail if HOME dir doesn't exist
See https://github.com/golang/go/commit/bb4ea80b
+ 0002-Fix-Lintian-warnings-about-wrong-interpreter-path.patch.
We don't run these scripts, just leave them as is.
+ 0003-cmd-dist-increase-default-timeout-scale-for-arm.patch.
Upstream has removed arch-specific timeout scale heuristics.
See https://github.com/golang/go/issues/57117
We can move the setting to dh-golang.
+ 0004-skip-userns-test-in-schroot-as-well.patch.
Now the tests doesn't hardcode chroot types.
See https://github.com/golang/go/commit/09267142
-- Shengjing Zhu <email address hidden> Tue, 20 Jun 2023 17:39:49 +0800
| 1 → 31 of 31 results | First • Previous • Next • Last |
