Change log for golang-1.21 package in Ubuntu

131 of 31 results
Deleted in oracular-release (Reason: (From Debian) ROM; EOL; superseded by golang-1.22 & golan...)
Deleted in oracular-proposed (Reason: Moved to oracular)
golang-1.21 (1.21.13-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.13

 -- Shengjing Zhu <email address hidden>  Wed, 07 Aug 2024 11:57:13 +0800

Available diffs

Published in noble-updates
Published in noble-security
golang-1.21 (1.21.9-1ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: denial of service issue
    - debian/patches/CVE-2024-24789.patch: archive/zip: treat truncated
      EOCDR comment as an error
    - debian/source/include-binaries: Add zip testdata file
    - CVE-2024-24789
  * SECURITY UPDATE: incorrect IPv4-mapped IPv6 addresses issue
    - debian/patches/CVE-2024-24790.patch: net/netip: check if address is
      v6 mapped in Is methods
    - CVE-2024-24790

 -- Nishit Majithia <email address hidden>  Mon, 08 Jul 2024 17:17:17 +0530
Published in jammy-updates
Published in jammy-security
golang-1.21 (1.21.1-1~ubuntu22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: denial of service issue
    - debian/patches/CVE-2023-45288.patch: update bundled golang.org/x/net/http2
    - CVE-2023-45288
  * SECURITY UPDATE: leak sensitive information
    - debian/patches/CVE-2023-45289.patch: net/http, net/http/cookiejar:
      avoid subdomain matches on IPv6 zones
    - CVE-2023-45289
  * SECURITY UPDATE: denial of service issue
    - debian/patches/CVE-2023-45290.patch: net/textproto, mime/multipart:
      avoid unbounded read in MIME header
    - CVE-2023-45290
  * SECURITY UPDATE: panic on unknown public key algorithm
    - debian/patches/CVE-2024-24783.patch: crypto/x509: make sure pub key
      is non-nil before interface conversion
    - CVE-2024-24783
  * SECURITY UPDATE: panic on handling special characters
    - debian/patches/CVE-2024-24784.patch: net/mail: properly handle
      special characters in phrase and obs-phrase
    - CVE-2024-24784
  * SECURITY UPDATE: template injection issue
    - debian/patches/CVE-2024-24785.patch: html/template: escape additional
      tokens in MarshalJSON errors
    - CVE-2024-24785
  * SECURITY UPDATE: denial of service issue
    - debian/patches/CVE-2024-24789.patch: archive/zip: treat truncated
      EOCDR comment as an error
    - debian/source/include-binaries: Add zip testdata file
    - CVE-2024-24789
  * SECURITY UPDATE: incorrect IPv4-mapped IPv6 addresses issue
    - debian/patches/CVE-2024-24790.patch: net/netip: check if address is
      v6 mapped in Is methods
    - CVE-2024-24790

 -- Nishit Majithia <email address hidden>  Mon, 08 Jul 2024 17:25:00 +0530
Published in focal-updates
Published in focal-security
golang-1.21 (1.21.1-1~ubuntu20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: denial of service issue
    - debian/patches/CVE-2023-45288.patch: update bundled golang.org/x/net/http2
    - CVE-2023-45288
  * SECURITY UPDATE: leak sensitive information
    - debian/patches/CVE-2023-45289.patch: net/http, net/http/cookiejar:
      avoid subdomain matches on IPv6 zones
    - CVE-2023-45289
  * SECURITY UPDATE: denial of service issue
    - debian/patches/CVE-2023-45290.patch: net/textproto, mime/multipart:
      avoid unbounded read in MIME header
    - CVE-2023-45290
  * SECURITY UPDATE: panic on unknown public key algorithm
    - debian/patches/CVE-2024-24783.patch: crypto/x509: make sure pub key
      is non-nil before interface conversion
    - CVE-2024-24783
  * SECURITY UPDATE: panic on handling special characters
    - debian/patches/CVE-2024-24784.patch: net/mail: properly handle
      special characters in phrase and obs-phrase
    - CVE-2024-24784
  * SECURITY UPDATE: template injection issue
    - debian/patches/CVE-2024-24785.patch: html/template: escape additional
      tokens in MarshalJSON errors
    - CVE-2024-24785
  * SECURITY UPDATE: denial of service issue
    - debian/patches/CVE-2024-24789.patch: archive/zip: treat truncated
      EOCDR comment as an error
    - debian/source/include-binaries: Add zip testdata file
    - CVE-2024-24789
  * SECURITY UPDATE: incorrect IPv4-mapped IPv6 addresses issue
    - debian/patches/CVE-2024-24790.patch: net/netip: check if address is
      v6 mapped in Is methods
    - CVE-2024-24790

 -- Nishit Majithia <email address hidden>  Mon, 08 Jul 2024 17:38:50 +0530
Superseded in oracular-release
Deleted in oracular-proposed (Reason: Moved to oracular)
golang-1.21 (1.21.12-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.12
    + CVE-2024-24791: net/http: denial of service due to improper 100-continue
      handling

 -- Shengjing Zhu <email address hidden>  Wed, 03 Jul 2024 16:04:00 +0800

Available diffs

Superseded in oracular-release
Deleted in oracular-proposed (Reason: Moved to oracular)
golang-1.21 (1.21.11-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.11
    + CVE-2024-24789: archive/zip: mishandling of corrupt central directory
      record
    + CVE-2024-24790: net/netip: unexpected behavior from Is methods for
      IPv4-mapped IPv6 addresses

 -- Shengjing Zhu <email address hidden>  Wed, 05 Jun 2024 07:29:58 +0800

Available diffs

Superseded in oracular-release
Deleted in oracular-proposed (Reason: Moved to oracular)
golang-1.21 (1.21.10-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.10
     + CVE-2024-24788: net: malformed DNS message can cause infinite loop

 -- Shengjing Zhu <email address hidden>  Wed, 08 May 2024 17:13:11 +0800

Available diffs

Superseded in oracular-release
Published in noble-release
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
golang-1.21 (1.21.9-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.9
    + CVE-2023-45288: http2: close connections when receiving too many headers

 -- Shengjing Zhu <email address hidden>  Thu, 04 Apr 2024 04:16:59 +0800
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
golang-1.21 (1.21.8-1build1) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- William Grant <email address hidden>  Mon, 01 Apr 2024 16:58:25 +1100
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
golang-1.21 (1.21.8-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.8
    + CVE-2024-24783: crypto/x509: Verify panics on certificates with an
      unknown public key algorithm
    + CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm
    + CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of
      sensitive headers and cookies on HTTP redirect
    + CVE-2024-24785: html/template: errors returned from MarshalJSON methods
      may break template escaping
    + CVE-2024-24784: net/mail: comments in display names are incorrectly
      handled
  * Update upstream signing key

 -- Shengjing Zhu <email address hidden>  Wed, 06 Mar 2024 15:14:10 +0800

Available diffs

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
golang-1.21 (1.21.7-2) unstable; urgency=medium

  * Team upload
  * Skip flaky TestCrashDumpsAllThreads on mips64le

 -- Shengjing Zhu <email address hidden>  Mon, 26 Feb 2024 17:13:31 +0800

Available diffs

Deleted in noble-updates (Reason: superseded by release)
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
golang-1.21 (1.21.7-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.7

 -- Shengjing Zhu <email address hidden>  Wed, 21 Feb 2024 16:35:15 +0800

Available diffs

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
golang-1.21 (1.21.6-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.6

 -- Shengjing Zhu <email address hidden>  Thu, 11 Jan 2024 18:46:44 +0800

Available diffs

Published in mantic-updates
Published in mantic-security
golang-1.21 (1.21.1-1ubuntu0.23.10.1) mantic-security; urgency=medium

  * SECURITY UPDATE: bypass directives restrictions
    - debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute file
      name in isCgo check
    - CVE-2023-39323
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2023-39325_44487.patch: http2: limit maximum
      handler goroutines to MaxConcurrentStreams
    - CVE-2023-39325
    - CVE-2023-44487
  * SECURITY UPDATE: out-of-bound read
    - debian/patches/CVE-2023-39326.patch: net/http: limit chunked data
      overhead
    - CVE-2023-39326
  * SECURITY UPDATE: bypass secure protocol
    - debian/patches/CVE-2023-45285.patch: error out if the requested repo
      does not support a secure protocol
    - CVE-2023-45285

 -- Nishit Majithia <email address hidden>  Mon, 08 Jan 2024 11:55:15 +0530
Published in lunar-updates
Published in lunar-security
golang-1.21 (1.21.1-1~ubuntu23.04.2) lunar-security; urgency=medium

  * SECURITY UPDATE: bypass directives restrictions
    - debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute file
      name in isCgo check
    - CVE-2023-39323
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2023-39325_44487.patch: http2: limit maximum
      handler goroutines to MaxConcurrentStreams
    - CVE-2023-39325
    - CVE-2023-44487
  * SECURITY UPDATE: out-of-bound read
    - debian/patches/CVE-2023-39326.patch: net/http: limit chunked data
      overhead
    - CVE-2023-39326
  * SECURITY UPDATE: bypass secure protocol
    - debian/patches/CVE-2023-45285.patch: error out if the requested repo
      does not support a secure protocol
    - CVE-2023-45285

 -- Nishit Majithia <email address hidden>  Mon, 08 Jan 2024 11:54:51 +0530
Superseded in jammy-updates
Superseded in jammy-security
golang-1.21 (1.21.1-1~ubuntu22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: bypass directives restrictions
    - debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute file
      name in isCgo check
    - CVE-2023-39323
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2023-39325_44487.patch: http2: limit maximum
      handler goroutines to MaxConcurrentStreams
    - CVE-2023-39325
    - CVE-2023-44487
  * SECURITY UPDATE: out-of-bound read
    - debian/patches/CVE-2023-39326.patch: net/http: limit chunked data
      overhead
    - CVE-2023-39326
  * SECURITY UPDATE: bypass secure protocol
    - debian/patches/CVE-2023-45285.patch: error out if the requested repo
      does not support a secure protocol
    - CVE-2023-45285

 -- Nishit Majithia <email address hidden>  Mon, 08 Jan 2024 11:54:05 +0530
Superseded in focal-updates
Superseded in focal-security
golang-1.21 (1.21.1-1~ubuntu20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: bypass directives restrictions
    - debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute file
      name in isCgo check
    - CVE-2023-39323
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2023-39325_44487.patch: http2: limit maximum
      handler goroutines to MaxConcurrentStreams
    - CVE-2023-39325
    - CVE-2023-44487
  * SECURITY UPDATE: out-of-bound read
    - debian/patches/CVE-2023-39326.patch: net/http: limit chunked data
      overhead
    - CVE-2023-39326
  * SECURITY UPDATE: bypass secure protocol
    - debian/patches/CVE-2023-45285.patch: error out if the requested repo
      does not support a secure protocol
    - CVE-2023-45285

 -- Nishit Majithia <email address hidden>  Mon, 08 Jan 2024 11:39:58 +0530
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
golang-1.21 (1.21.5-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.5
    + CVE-2023-39326: net/http: limit chunked data overhead
    + CVE-2023-45285: cmd/go: go get may unexpectedly fallback to insecure git
    + CVE-2023-45283: path/filepath: retain trailing \ when cleaning paths
      like \\?\c:\

 -- Shengjing Zhu <email address hidden>  Wed, 06 Dec 2023 15:32:23 +0800

Available diffs

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
golang-1.21 (1.21.4-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.4
    + CVE-2023-45283: path/filepath: recognize \??\ as a Root Local Device
      path prefix.
    + CVE-2023-45284: path/filepath: recognize device names with trailing
      spaces and superscripts.

 -- Shengjing Zhu <email address hidden>  Wed, 08 Nov 2023 03:40:30 +0800

Available diffs

Superseded in focal-updates
Deleted in focal-proposed (Reason: moved to -updates)
golang-1.21 (1.21.1-1~ubuntu20.04.1) focal; urgency=medium

  * Backport to Focal (LP: #2040269)
  * d/control{,.in}: downgrade debhelper compat level to 12
  * Build with Go 1.18
    + d/control{,.in}: use golang-1.18-go in Build-Depends
    + d/rules: use /usr/lib/go-1.18/bin/go to set GOROOT_BOOTSTRAP path

 -- Shengjing Zhu <email address hidden>  Wed, 25 Oct 2023 16:21:36 +0800
Superseded in jammy-updates
Deleted in jammy-proposed (Reason: moved to -updates)
golang-1.21 (1.21.1-1~ubuntu22.04.1) jammy; urgency=medium

  * Backport to Jammy (LP: #2040269)

 -- Shengjing Zhu <email address hidden>  Wed, 25 Oct 2023 16:18:08 +0800
Superseded in lunar-updates
Deleted in lunar-proposed (Reason: moved to -updates)
golang-1.21 (1.21.1-1~ubuntu23.04.1) lunar; urgency=medium

  * Backport to Lunar (LP: #2040269)

 -- Shengjing Zhu <email address hidden>  Wed, 25 Oct 2023 16:16:02 +0800
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
golang-1.21 (1.21.3-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.3
    + CVE-2023-44487/CVE-2023-39325: net/http: rapid stream resets can cause
      excessive work

 -- Shengjing Zhu <email address hidden>  Wed, 11 Oct 2023 14:53:53 +0800

Available diffs

Superseded in noble-release
Published in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
golang-1.21 (1.21.1-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.1
    + CVE-2023-39320: cmd/go: go.mod toolchain directive allows arbitrary
      execution
    + CVE-2023-39318: html/template: improper handling of HTML-like comments
      within script contexts
    + CVE-2023-39319: html/template: improper handling of special tags within
      script contexts
    + CVE-2023-39321/CVE-2023-39322: crypto/tls: panic when processing
      post-handshake message on QUIC connections

 -- Shengjing Zhu <email address hidden>  Thu, 07 Sep 2023 11:51:55 +0800

Available diffs

Superseded in mantic-release
Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
golang-1.21 (1.21.0-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.0

 -- Shengjing Zhu <email address hidden>  Wed, 09 Aug 2023 14:40:00 +0800

Available diffs

Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
golang-1.21 (1.21~rc4-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21~rc4

 -- Shengjing Zhu <email address hidden>  Thu, 03 Aug 2023 15:15:53 +0800

Available diffs

Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
golang-1.21 (1.21~rc3-2) unstable; urgency=medium

  * Team upload
  * Add Breaks+Replaces golang-1.21-go (<< 1.21~rc3) on golang-1.21-src
    src/internal/platform/zosarch.go move from golang-1.21-go to
    golang-1.21-src (Closes: #1041412)

 -- Shengjing Zhu <email address hidden>  Wed, 19 Jul 2023 16:12:19 +0800

Available diffs

Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
golang-1.21 (1.21~rc3-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21~rc3

 -- Shengjing Zhu <email address hidden>  Mon, 17 Jul 2023 15:20:39 +0800

Available diffs

Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
golang-1.21 (1.21~rc2-2) unstable; urgency=medium

  * Team upload
  * Add autopkgtest

 -- Shengjing Zhu <email address hidden>  Thu, 29 Jun 2023 16:33:35 +0800

Available diffs

Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
golang-1.21 (1.21~rc2-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21~rc2

 -- Shengjing Zhu <email address hidden>  Thu, 22 Jun 2023 14:53:06 +0800

Available diffs

Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
golang-1.21 (1.21~rc1-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21rc1
  * Install go.env in GOROOT
  * Drop patches
    + 0001-Disable-test-for-UserHomeDir.patch.
      Now the test doesn't fail if HOME dir doesn't exist
      See https://github.com/golang/go/commit/bb4ea80b
    + 0002-Fix-Lintian-warnings-about-wrong-interpreter-path.patch.
      We don't run these scripts, just leave them as is.
    + 0003-cmd-dist-increase-default-timeout-scale-for-arm.patch.
      Upstream has removed arch-specific timeout scale heuristics.
      See https://github.com/golang/go/issues/57117
      We can move the setting to dh-golang.
    + 0004-skip-userns-test-in-schroot-as-well.patch.
      Now the tests doesn't hardcode chroot types.
      See https://github.com/golang/go/commit/09267142

 -- Shengjing Zhu <email address hidden>  Tue, 20 Jun 2023 17:39:49 +0800
131 of 31 results