Ubuntu
golang-1.18 package

golang-1.18 1.18.1-1ubuntu1~18.04.4 source package in Ubuntu

Changelog

golang-1.18 (1.18.1-1ubuntu1~18.04.4) bionic-security; urgency=medium

  * SECURITY UPDATE: http request smuggling issue
    - debian/patches/CVE-2022-1705.patch: don't strip whitespace from
      Transfer-Encoding headers
    - CVE-2022-1705
  * SECURITY UPDATE: DoS issue due to panic
    - debian/patches/CVE-2022-1962.patch: limit recursion depth
    - debian/patches/CVE-2022-27664.patch: update bundled golang.org/x/net/http2
    - debian/patches/CVE-2022-28131.patch: use iterative Skip, rather than
      recursive
    - debian/patches/CVE-2022-30630.patch: fix stack exhaustion in Glob
    - debian/patches/CVE-2022-30631.patch: fix stack exhaustion bug in
      Reader.Read
    - debian/patches/CVE-2022-30632.patch: fix stack exhaustion in Glob
    - debian/patches/CVE-2022-30633.patch: limit depth of nesting in unmarshal
    - debian/patches/CVE-2022-30635.patch: add a depth limit for ignored fields
    - debian/patches/CVE-2022-32189.patch: check buffer lengths in GobDecode
    - debian/patches/CVE-2022-41715.patch: limit size of parsed regexps
    - debian/patches/CVE-2022-41717.patch: update bundled golang.org/x/net/http2
    - debian/patches/CVE-2023-24534.patch: avoid overpredicting the number of
      MIME header keys
    - CVE-2022-1962
    - CVE-2022-27664
    - CVE-2022-28131
    - CVE-2022-30630
    - CVE-2022-30631
    - CVE-2022-30632
    - CVE-2022-30633
    - CVE-2022-30635
    - CVE-2022-32189
    - CVE-2022-41715
    - CVE-2022-41717
    - CVE-2023-24534
  * SECURITY UPDATE: out-of-bound read issue
    - debian/patches/CVE-2022-2879.patch: limit size of headers
    - CVE-2022-2879
  * SECURITY UPDATE: query parameter smuggling issue in Go proxy
    - debian/patches/CVE-2022-2880.patch: avoid query parameter smuggling
    - CVE-2022-2880
  * SECURITY UPDATE: Incorrect privilege assignment issue
    - debian/patches/CVE-2022-29526.patch: check correct group in Faccessat
    - CVE-2022-29526
  * SECURITY UPDATE: tls session takeover vulnerability
    - debian/patches/CVE-2022-30629.patch: randomly generate ticket_age_add
    - CVE-2022-30629
  * SECURITY UPDATE: sensitive information exposure
    - debian/patches/CVE-2022-32148.patch: preserve nil values in Header.Clone
    - CVE-2022-32148
  * SECURITY UPDATE: integer overflow issue
    - debian/patches/CVE-2023-24537.patch: reject large line and column number
      in //line directives
    - CVE-2023-24537
  * SECURITY UPDATE: code injection vulnerability
    - debian/patches/CVE-2023-24538.patch: disallow actions in JS template
      literals
    - debian/patches/godebug_dep_test_error.patch: fix test dependency error
    - CVE-2023-24538

 -- Nishit Majithia <email address hidden>  Mon, 24 Apr 2023 11:12:55 +0530

Upload details

Uploaded by:: Nishit Majithia on 2023-04-25

Uploaded to:: Bionic

Original maintainer:: Ubuntu Developers

Architectures:: amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64 ppc64el riscv64 s390x all

Section:: golang

Urgency:: Medium Urgency

See full publishing history Publishing

Series	Pocket	Published	Component	Section
Bionic	updates	on 2023-04-25	universe	golang
Bionic	security	on 2023-04-25	universe	golang

Builds

Bionic: amd64 arm64 armhf i386 ppc64el s390x

Downloads

File	Size	SHA-256 Checksum
golang-1.18_1.18.1.orig.tar.gz	21.8 MiB	efd43e0f1402e083b73a03d444b7b6576bb4c539ac46208b63a916b69aca4088
golang-1.18_1.18.1-1ubuntu1~18.04.4.debian.tar.xz	65.1 KiB	f75b7ab792b6abd0e6aa5543393821c2ec63c8300e246b215879ea838e26b97f
golang-1.18_1.18.1-1ubuntu1~18.04.4.dsc	2.5 KiB	e4fc14a86142d4c3cf383e13d6c8a8276cf9a8c48d9a56b0e840865284b516e6

Available diffs

diff from 1.18.1-1ubuntu1~18.04.3 (in Ubuntu) to 1.18.1-1ubuntu1~18.04.4 (30.2 KiB)
diff from 1.18.10-1 (in Debian) to 1.18.1-1ubuntu1~18.04.4 (285.8 KiB)

View changes file

Binary packages built by this source

golang-1.18: Go programming language compiler - metapackage: The Go programming language is an open source project to make
programmers more productive. Go is expressive, concise, clean, and
efficient. Its concurrency mechanisms make it easy to write programs
that get the most out of multicore and networked machines, while its
novel type system enables flexible and modular program construction.
Go compiles quickly to machine code yet has the convenience of
garbage collection and the power of run-time reflection. It's a
fast, statically typed, compiled language that feels like a
dynamically typed, interpreted language.
.
This package is a metapackage that, when installed, guarantees
that (most of) a full Go development environment is installed.
.
To use this version, instead of the default one provided by golang-go
package, add /usr/lib/go-1.18/bin/ to PATH, or invoke /usr/lib/go-1.18/bin/go
directly.

golang-1.18-doc: Go programming language - documentation: The Go programming language is an open source project to make
programmers more productive. Go is expressive, concise, clean, and
efficient. Its concurrency mechanisms make it easy to write programs
that get the most out of multicore and networked machines, while its
novel type system enables flexible and modular program construction.
Go compiles quickly to machine code yet has the convenience of
garbage collection and the power of run-time reflection. It's a fast,
statically typed, compiled language that feels like a dynamically
typed, interpreted language.
.
This package provides the documentation for the Go programming
language.

golang-1.18-go: Go programming language compiler, linker, compiled stdlib: The Go programming language is an open source project to make programmers more
productive. Go is expressive, concise, clean, and efficient. Its concurrency
mechanisms make it easy to write programs that get the most out of multicore
and networked machines, while its novel type system enables flexible and
modular program construction. Go compiles quickly to machine code yet has the
convenience of garbage collection and the power of run-time reflection. It's a
fast, statically typed, compiled language that feels like a dynamically typed,
interpreted language.
.
This package provides an assembler, compiler, linker, and compiled libraries
for the Go programming language.
.
To use this version, instead of the default one provided by golang-go package,
add /usr/lib/go-1.18/bin/ to PATH, or invoke /usr/lib/go-1.18/bin/go directly.

golang-1.18-src: Go programming language - source files: The Go programming language is an open source project to make programmers more
productive. Go is expressive, concise, clean, and efficient. Its concurrency
mechanisms make it easy to write programs that get the most out of multicore
and networked machines, while its novel type system enables flexible and
modular program construction. Go compiles quickly to machine code yet has the
convenience of garbage collection and the power of run-time reflection. It's a
fast, statically typed, compiled language that feels like a dynamically typed,
interpreted language.
.
This package provides the Go programming language source files needed for
compilation.

Ubuntugolang-1.18 package

golang-1.18 1.18.1-1ubuntu1~18.04.4 source package in Ubuntu

Changelog

Upload details

See full publishing history Publishing

Builds

Downloads

Available diffs

Binary packages built by this source

Ubuntu
golang-1.18 package