Change log for golang-1.21 package in Ubuntu
1 → 31 of 31 results | First • Previous • Next • Last |
Deleted in oracular-release (Reason: (From Debian) ROM; EOL; superseded by golang-1.22 & golan...) |
Deleted in oracular-proposed (Reason: Moved to oracular) |
golang-1.21 (1.21.13-1) unstable; urgency=medium * Team upload * New upstream version 1.21.13 -- Shengjing Zhu <email address hidden> Wed, 07 Aug 2024 11:57:13 +0800
Available diffs
- diff from 1.21.12-1 to 1.21.13-1 (1.6 KiB)
golang-1.21 (1.21.9-1ubuntu0.1) noble-security; urgency=medium * SECURITY UPDATE: denial of service issue - debian/patches/CVE-2024-24789.patch: archive/zip: treat truncated EOCDR comment as an error - debian/source/include-binaries: Add zip testdata file - CVE-2024-24789 * SECURITY UPDATE: incorrect IPv4-mapped IPv6 addresses issue - debian/patches/CVE-2024-24790.patch: net/netip: check if address is v6 mapped in Is methods - CVE-2024-24790 -- Nishit Majithia <email address hidden> Mon, 08 Jul 2024 17:17:17 +0530
Available diffs
golang-1.21 (1.21.1-1~ubuntu22.04.3) jammy-security; urgency=medium * SECURITY UPDATE: denial of service issue - debian/patches/CVE-2023-45288.patch: update bundled golang.org/x/net/http2 - CVE-2023-45288 * SECURITY UPDATE: leak sensitive information - debian/patches/CVE-2023-45289.patch: net/http, net/http/cookiejar: avoid subdomain matches on IPv6 zones - CVE-2023-45289 * SECURITY UPDATE: denial of service issue - debian/patches/CVE-2023-45290.patch: net/textproto, mime/multipart: avoid unbounded read in MIME header - CVE-2023-45290 * SECURITY UPDATE: panic on unknown public key algorithm - debian/patches/CVE-2024-24783.patch: crypto/x509: make sure pub key is non-nil before interface conversion - CVE-2024-24783 * SECURITY UPDATE: panic on handling special characters - debian/patches/CVE-2024-24784.patch: net/mail: properly handle special characters in phrase and obs-phrase - CVE-2024-24784 * SECURITY UPDATE: template injection issue - debian/patches/CVE-2024-24785.patch: html/template: escape additional tokens in MarshalJSON errors - CVE-2024-24785 * SECURITY UPDATE: denial of service issue - debian/patches/CVE-2024-24789.patch: archive/zip: treat truncated EOCDR comment as an error - debian/source/include-binaries: Add zip testdata file - CVE-2024-24789 * SECURITY UPDATE: incorrect IPv4-mapped IPv6 addresses issue - debian/patches/CVE-2024-24790.patch: net/netip: check if address is v6 mapped in Is methods - CVE-2024-24790 -- Nishit Majithia <email address hidden> Mon, 08 Jul 2024 17:25:00 +0530
Available diffs
golang-1.21 (1.21.1-1~ubuntu20.04.3) focal-security; urgency=medium * SECURITY UPDATE: denial of service issue - debian/patches/CVE-2023-45288.patch: update bundled golang.org/x/net/http2 - CVE-2023-45288 * SECURITY UPDATE: leak sensitive information - debian/patches/CVE-2023-45289.patch: net/http, net/http/cookiejar: avoid subdomain matches on IPv6 zones - CVE-2023-45289 * SECURITY UPDATE: denial of service issue - debian/patches/CVE-2023-45290.patch: net/textproto, mime/multipart: avoid unbounded read in MIME header - CVE-2023-45290 * SECURITY UPDATE: panic on unknown public key algorithm - debian/patches/CVE-2024-24783.patch: crypto/x509: make sure pub key is non-nil before interface conversion - CVE-2024-24783 * SECURITY UPDATE: panic on handling special characters - debian/patches/CVE-2024-24784.patch: net/mail: properly handle special characters in phrase and obs-phrase - CVE-2024-24784 * SECURITY UPDATE: template injection issue - debian/patches/CVE-2024-24785.patch: html/template: escape additional tokens in MarshalJSON errors - CVE-2024-24785 * SECURITY UPDATE: denial of service issue - debian/patches/CVE-2024-24789.patch: archive/zip: treat truncated EOCDR comment as an error - debian/source/include-binaries: Add zip testdata file - CVE-2024-24789 * SECURITY UPDATE: incorrect IPv4-mapped IPv6 addresses issue - debian/patches/CVE-2024-24790.patch: net/netip: check if address is v6 mapped in Is methods - CVE-2024-24790 -- Nishit Majithia <email address hidden> Mon, 08 Jul 2024 17:38:50 +0530
Available diffs
golang-1.21 (1.21.12-1) unstable; urgency=medium * Team upload * New upstream version 1.21.12 + CVE-2024-24791: net/http: denial of service due to improper 100-continue handling -- Shengjing Zhu <email address hidden> Wed, 03 Jul 2024 16:04:00 +0800
Available diffs
- diff from 1.21.11-1 to 1.21.12-1 (9.2 KiB)
golang-1.21 (1.21.11-1) unstable; urgency=medium * Team upload * New upstream version 1.21.11 + CVE-2024-24789: archive/zip: mishandling of corrupt central directory record + CVE-2024-24790: net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses -- Shengjing Zhu <email address hidden> Wed, 05 Jun 2024 07:29:58 +0800
Available diffs
- diff from 1.21.10-1 to 1.21.11-1 (10.5 KiB)
golang-1.21 (1.21.10-1) unstable; urgency=medium * Team upload * New upstream version 1.21.10 + CVE-2024-24788: net: malformed DNS message can cause infinite loop -- Shengjing Zhu <email address hidden> Wed, 08 May 2024 17:13:11 +0800
Available diffs
- diff from 1.21.9-1 to 1.21.10-1 (3.1 KiB)
Superseded in oracular-release |
Published in noble-release |
Superseded in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
golang-1.21 (1.21.9-1) unstable; urgency=medium * Team upload * New upstream version 1.21.9 + CVE-2023-45288: http2: close connections when receiving too many headers -- Shengjing Zhu <email address hidden> Thu, 04 Apr 2024 04:16:59 +0800
Available diffs
golang-1.21 (1.21.8-1build1) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- William Grant <email address hidden> Mon, 01 Apr 2024 16:58:25 +1100
Available diffs
- diff from 1.21.8-1 (in Debian) to 1.21.8-1build1 (554 bytes)
golang-1.21 (1.21.8-1) unstable; urgency=medium * Team upload * New upstream version 1.21.8 + CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm + CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm + CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect + CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping + CVE-2024-24784: net/mail: comments in display names are incorrectly handled * Update upstream signing key -- Shengjing Zhu <email address hidden> Wed, 06 Mar 2024 15:14:10 +0800
Available diffs
- diff from 1.21.7-2 to 1.21.8-1 (28.2 KiB)
golang-1.21 (1.21.7-2) unstable; urgency=medium * Team upload * Skip flaky TestCrashDumpsAllThreads on mips64le -- Shengjing Zhu <email address hidden> Mon, 26 Feb 2024 17:13:31 +0800
Available diffs
- diff from 1.21.7-1 to 1.21.7-2 (751 bytes)
Deleted in noble-updates (Reason: superseded by release) |
Superseded in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
golang-1.21 (1.21.7-1) unstable; urgency=medium * Team upload * New upstream version 1.21.7 -- Shengjing Zhu <email address hidden> Wed, 21 Feb 2024 16:35:15 +0800
Available diffs
- diff from 1.21.6-1 to 1.21.7-1 (21.6 KiB)
golang-1.21 (1.21.6-1) unstable; urgency=medium * Team upload * New upstream version 1.21.6 -- Shengjing Zhu <email address hidden> Thu, 11 Jan 2024 18:46:44 +0800
Available diffs
- diff from 1.21.5-1 to 1.21.6-1 (15.5 KiB)
golang-1.21 (1.21.1-1ubuntu0.23.10.1) mantic-security; urgency=medium * SECURITY UPDATE: bypass directives restrictions - debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute file name in isCgo check - CVE-2023-39323 * SECURITY UPDATE: denial of service - debian/patches/CVE-2023-39325_44487.patch: http2: limit maximum handler goroutines to MaxConcurrentStreams - CVE-2023-39325 - CVE-2023-44487 * SECURITY UPDATE: out-of-bound read - debian/patches/CVE-2023-39326.patch: net/http: limit chunked data overhead - CVE-2023-39326 * SECURITY UPDATE: bypass secure protocol - debian/patches/CVE-2023-45285.patch: error out if the requested repo does not support a secure protocol - CVE-2023-45285 -- Nishit Majithia <email address hidden> Mon, 08 Jan 2024 11:55:15 +0530
Available diffs
golang-1.21 (1.21.1-1~ubuntu23.04.2) lunar-security; urgency=medium * SECURITY UPDATE: bypass directives restrictions - debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute file name in isCgo check - CVE-2023-39323 * SECURITY UPDATE: denial of service - debian/patches/CVE-2023-39325_44487.patch: http2: limit maximum handler goroutines to MaxConcurrentStreams - CVE-2023-39325 - CVE-2023-44487 * SECURITY UPDATE: out-of-bound read - debian/patches/CVE-2023-39326.patch: net/http: limit chunked data overhead - CVE-2023-39326 * SECURITY UPDATE: bypass secure protocol - debian/patches/CVE-2023-45285.patch: error out if the requested repo does not support a secure protocol - CVE-2023-45285 -- Nishit Majithia <email address hidden> Mon, 08 Jan 2024 11:54:51 +0530
Available diffs
golang-1.21 (1.21.1-1~ubuntu22.04.2) jammy-security; urgency=medium * SECURITY UPDATE: bypass directives restrictions - debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute file name in isCgo check - CVE-2023-39323 * SECURITY UPDATE: denial of service - debian/patches/CVE-2023-39325_44487.patch: http2: limit maximum handler goroutines to MaxConcurrentStreams - CVE-2023-39325 - CVE-2023-44487 * SECURITY UPDATE: out-of-bound read - debian/patches/CVE-2023-39326.patch: net/http: limit chunked data overhead - CVE-2023-39326 * SECURITY UPDATE: bypass secure protocol - debian/patches/CVE-2023-45285.patch: error out if the requested repo does not support a secure protocol - CVE-2023-45285 -- Nishit Majithia <email address hidden> Mon, 08 Jan 2024 11:54:05 +0530
Available diffs
golang-1.21 (1.21.1-1~ubuntu20.04.2) focal-security; urgency=medium * SECURITY UPDATE: bypass directives restrictions - debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute file name in isCgo check - CVE-2023-39323 * SECURITY UPDATE: denial of service - debian/patches/CVE-2023-39325_44487.patch: http2: limit maximum handler goroutines to MaxConcurrentStreams - CVE-2023-39325 - CVE-2023-44487 * SECURITY UPDATE: out-of-bound read - debian/patches/CVE-2023-39326.patch: net/http: limit chunked data overhead - CVE-2023-39326 * SECURITY UPDATE: bypass secure protocol - debian/patches/CVE-2023-45285.patch: error out if the requested repo does not support a secure protocol - CVE-2023-45285 -- Nishit Majithia <email address hidden> Mon, 08 Jan 2024 11:39:58 +0530
Available diffs
golang-1.21 (1.21.5-1) unstable; urgency=medium * Team upload * New upstream version 1.21.5 + CVE-2023-39326: net/http: limit chunked data overhead + CVE-2023-45285: cmd/go: go get may unexpectedly fallback to insecure git + CVE-2023-45283: path/filepath: retain trailing \ when cleaning paths like \\?\c:\ -- Shengjing Zhu <email address hidden> Wed, 06 Dec 2023 15:32:23 +0800
Available diffs
- diff from 1.21.4-1 to 1.21.5-1 (17.4 KiB)
golang-1.21 (1.21.4-1) unstable; urgency=medium * Team upload * New upstream version 1.21.4 + CVE-2023-45283: path/filepath: recognize \??\ as a Root Local Device path prefix. + CVE-2023-45284: path/filepath: recognize device names with trailing spaces and superscripts. -- Shengjing Zhu <email address hidden> Wed, 08 Nov 2023 03:40:30 +0800
Available diffs
- diff from 1.21.3-1 to 1.21.4-1 (10.9 KiB)
golang-1.21 (1.21.1-1~ubuntu20.04.1) focal; urgency=medium * Backport to Focal (LP: #2040269) * d/control{,.in}: downgrade debhelper compat level to 12 * Build with Go 1.18 + d/control{,.in}: use golang-1.18-go in Build-Depends + d/rules: use /usr/lib/go-1.18/bin/go to set GOROOT_BOOTSTRAP path -- Shengjing Zhu <email address hidden> Wed, 25 Oct 2023 16:21:36 +0800
Available diffs
golang-1.21 (1.21.1-1~ubuntu22.04.1) jammy; urgency=medium * Backport to Jammy (LP: #2040269) -- Shengjing Zhu <email address hidden> Wed, 25 Oct 2023 16:18:08 +0800
Available diffs
golang-1.21 (1.21.1-1~ubuntu23.04.1) lunar; urgency=medium * Backport to Lunar (LP: #2040269) -- Shengjing Zhu <email address hidden> Wed, 25 Oct 2023 16:16:02 +0800
Available diffs
golang-1.21 (1.21.3-1) unstable; urgency=medium * Team upload * New upstream version 1.21.3 + CVE-2023-44487/CVE-2023-39325: net/http: rapid stream resets can cause excessive work -- Shengjing Zhu <email address hidden> Wed, 11 Oct 2023 14:53:53 +0800
Available diffs
- diff from 1.21.1-1 to 1.21.3-1 (8.8 KiB)
Superseded in noble-release |
Published in mantic-release |
Deleted in mantic-proposed (Reason: Moved to mantic) |
golang-1.21 (1.21.1-1) unstable; urgency=medium * Team upload * New upstream version 1.21.1 + CVE-2023-39320: cmd/go: go.mod toolchain directive allows arbitrary execution + CVE-2023-39318: html/template: improper handling of HTML-like comments within script contexts + CVE-2023-39319: html/template: improper handling of special tags within script contexts + CVE-2023-39321/CVE-2023-39322: crypto/tls: panic when processing post-handshake message on QUIC connections -- Shengjing Zhu <email address hidden> Thu, 07 Sep 2023 11:51:55 +0800
Available diffs
- diff from 1.21.0-1 to 1.21.1-1 (63.0 KiB)
Superseded in mantic-release |
Superseded in mantic-release |
Deleted in mantic-proposed (Reason: Moved to mantic) |
golang-1.21 (1.21.0-1) unstable; urgency=medium * Team upload * New upstream version 1.21.0 -- Shengjing Zhu <email address hidden> Wed, 09 Aug 2023 14:40:00 +0800
Available diffs
- diff from 1.21~rc4-1 to 1.21.0-1 (3.5 KiB)
golang-1.21 (1.21~rc4-1) unstable; urgency=medium * Team upload * New upstream version 1.21~rc4 -- Shengjing Zhu <email address hidden> Thu, 03 Aug 2023 15:15:53 +0800
Available diffs
- diff from 1.21~rc3-2 to 1.21~rc4-1 (39.0 KiB)
golang-1.21 (1.21~rc3-2) unstable; urgency=medium * Team upload * Add Breaks+Replaces golang-1.21-go (<< 1.21~rc3) on golang-1.21-src src/internal/platform/zosarch.go move from golang-1.21-go to golang-1.21-src (Closes: #1041412) -- Shengjing Zhu <email address hidden> Wed, 19 Jul 2023 16:12:19 +0800
Available diffs
- diff from 1.21~rc3-1 to 1.21~rc3-2 (581 bytes)
golang-1.21 (1.21~rc3-1) unstable; urgency=medium * Team upload * New upstream version 1.21~rc3 -- Shengjing Zhu <email address hidden> Mon, 17 Jul 2023 15:20:39 +0800
Available diffs
- diff from 1.21~rc2-2 to 1.21~rc3-1 (88.8 KiB)
golang-1.21 (1.21~rc2-2) unstable; urgency=medium * Team upload * Add autopkgtest -- Shengjing Zhu <email address hidden> Thu, 29 Jun 2023 16:33:35 +0800
Available diffs
- diff from 1.21~rc2-1 to 1.21~rc2-2 (701 bytes)
golang-1.21 (1.21~rc2-1) unstable; urgency=medium * Team upload * New upstream version 1.21~rc2 -- Shengjing Zhu <email address hidden> Thu, 22 Jun 2023 14:53:06 +0800
Available diffs
- diff from 1.21~rc1-1 to 1.21~rc2-1 (14.6 KiB)
golang-1.21 (1.21~rc1-1) unstable; urgency=medium * Team upload * New upstream version 1.21rc1 * Install go.env in GOROOT * Drop patches + 0001-Disable-test-for-UserHomeDir.patch. Now the test doesn't fail if HOME dir doesn't exist See https://github.com/golang/go/commit/bb4ea80b + 0002-Fix-Lintian-warnings-about-wrong-interpreter-path.patch. We don't run these scripts, just leave them as is. + 0003-cmd-dist-increase-default-timeout-scale-for-arm.patch. Upstream has removed arch-specific timeout scale heuristics. See https://github.com/golang/go/issues/57117 We can move the setting to dh-golang. + 0004-skip-userns-test-in-schroot-as-well.patch. Now the tests doesn't hardcode chroot types. See https://github.com/golang/go/commit/09267142 -- Shengjing Zhu <email address hidden> Tue, 20 Jun 2023 17:39:49 +0800
1 → 31 of 31 results | First • Previous • Next • Last |