Change log for golang-1.13 package in Ubuntu

1 → 33 of 33 results
Published in jammy-updates
Published in jammy-security
golang-1.13 (1.13.8-1ubuntu2.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: http request smuggling issue
    - debian/patches/CVE-2022-1705.patch: don't strip whitespace from
      Transfer-Encoding headers.
    - CVE-2022-1705
  * SECURITY UPDATE: DoS issue due to panic
    - debian/patches/CVE-2022-27664.patch: update bundled golang.org/x/net/http2.
    - debian/patches/CVE-2022-28131.patch: use iterative Skip, rather than
      recursive.
    - debian/patches/CVE-2022-30631.patch: fix stack exhaustion bug in
      Reader.Read.
    - debian/patches/CVE-2022-30632.patch: fix stack exhaustion in Glob.
    - debian/patches/CVE-2022-30633.patch: limit depth of nesting in unmarshal.
    - debian/patches/CVE-2022-30635.patch: add a depth limit for ignored fields.
    - debian/patches/CVE-2022-32189.patch: check buffer lengths in GobDecode.
    - debian/patches/CVE-2022-41717.patch: update bundled golang.org/x/net/http2.
    - debian/patches/CVE-2023-24534.patch: avoid overpredicting the number of
      MIME header keys.
    - CVE-2022-27664
    - CVE-2022-28131
    - CVE-2022-30631
    - CVE-2022-30632
    - CVE-2022-30633
    - CVE-2022-30635
    - CVE-2022-32189
    - CVE-2022-41717
    - CVE-2023-24534
  * SECURITY UPDATE: out-of-bound read issue
    - debian/patches/CVE-2022-2879.patch: limit size of headers.
    - debian/source/include-binaries: add test file bz2
      pax-bad-hdr-large.tar.bz2.
    - CVE-2022-2879
  * SECURITY UPDATE: query parameter smuggling issue in Go proxy
    - debian/patches/CVE-2022-2880-pre.patch: reject query values with
      semicolons.
    - debian/patches/CVE-2022-2880.patch: avoid query parameter smuggling.
    - CVE-2022-2880
  * SECURITY UPDATE: tls session takeover vulnerability
    - debian/patches/CVE-2022-30629.patch: randomly generate ticket_age_add.
    - CVE-2022-30629
  * SECURITY UPDATE: sensitive information exposure
    - debian/patches/CVE-2022-32148.patch: preserve nil values in Header.Clone.
    - CVE-2022-32148
  * SECURITY UPDATE: integer overflow issue
    - debian/patches/CVE-2023-24537.patch: reject large line and column number
      in //line directives.
    - CVE-2023-24537
  * SECURITY UPDATE: code injection vulnerability
    - debian/patches/CVE-2023-24538.patch: disallow actions in JS template
      literals.
    - CVE-2023-24538

 -- David Fernandez Gonzalez <email address hidden>  Wed, 03 Jan 2024 17:12:49 +0100
Published in focal-updates
Published in focal-security
golang-1.13 (1.13.8-1ubuntu1.2) focal-security; urgency=medium

  * SECURITY UPDATE: http request smuggling issue
    - debian/patches/CVE-2022-1705.patch: don't strip whitespace from
      Transfer-Encoding headers.
    - CVE-2022-1705
  * SECURITY UPDATE: DoS issue due to panic
    - debian/patches/CVE-2022-27664.patch: update bundled golang.org/x/net/http2.
    - debian/patches/CVE-2022-28131.patch: use iterative Skip, rather than
      recursive.
    - debian/patches/CVE-2022-30631.patch: fix stack exhaustion bug in
      Reader.Read.
    - debian/patches/CVE-2022-30632.patch: fix stack exhaustion in Glob.
    - debian/patches/CVE-2022-30633.patch: limit depth of nesting in unmarshal.
    - debian/patches/CVE-2022-30635.patch: add a depth limit for ignored fields.
    - debian/patches/CVE-2022-32189.patch: check buffer lengths in GobDecode.
    - debian/patches/CVE-2022-41717.patch: update bundled golang.org/x/net/http2.
    - debian/patches/CVE-2023-24534.patch: avoid overpredicting the number of
      MIME header keys.
    - CVE-2022-27664
    - CVE-2022-28131
    - CVE-2022-30631
    - CVE-2022-30632
    - CVE-2022-30633
    - CVE-2022-30635
    - CVE-2022-32189
    - CVE-2022-41717
    - CVE-2023-24534
  * SECURITY UPDATE: out-of-bound read issue
    - debian/patches/CVE-2022-2879.patch: limit size of headers.
    - debian/source/include-binaries: add test file bz2
      pax-bad-hdr-large.tar.bz2.
    - CVE-2022-2879
  * SECURITY UPDATE: query parameter smuggling issue in Go proxy
    - debian/patches/CVE-2022-2880-pre.patch: reject query values with
      semicolons.
    - debian/patches/CVE-2022-2880.patch: avoid query parameter smuggling.
    - CVE-2022-2880
  * SECURITY UPDATE: tls session takeover vulnerability
    - debian/patches/CVE-2022-30629.patch: randomly generate ticket_age_add.
    - CVE-2022-30629
  * SECURITY UPDATE: sensitive information exposure
    - debian/patches/CVE-2022-32148.patch: preserve nil values in Header.Clone.
    - CVE-2022-32148
  * SECURITY UPDATE: integer overflow issue
    - debian/patches/CVE-2023-24537.patch: reject large line and column number
      in //line directives.
    - CVE-2023-24537
  * SECURITY UPDATE: code injection vulnerability
    - debian/patches/CVE-2023-24538.patch: disallow actions in JS template
      literals.
    - CVE-2023-24538

 -- David Fernandez Gonzalez <email address hidden>  Wed, 03 Jan 2024 12:35:19 +0100
Deleted in lunar-release (Reason: (From Debian) ROM; superseded by golang-1.14; Debian bug ...)
Deleted in lunar-proposed (Reason: Moved to lunar)
golang-1.13 (1.13.8-1ubuntu3) lunar; urgency=medium

  * SECURITY UPDATE: Infinite read loop via invalid inputs
    - debian/patches/CVE-2020-16845.patch: ensure that ReadUvarint
      reads a limited amount of data in src/encoding/binary/varint.go.
    - CVE-2020-16845
  * debian/control.in: Add gcc-10 and g++-10 as DWARF5 is not compatible
    and is used in versions greater than 10.
  * debian/rules: Enforce the use of gcc-10 and g++-10.

 -- David Fernandez Gonzalez <email address hidden>  Thu, 10 Nov 2022 09:34:31 +0100
Superseded in jammy-updates
Superseded in jammy-security
golang-1.13 (1.13.8-1ubuntu2.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Infinite read loop via invalid inputs
    - debian/patches/CVE-2020-16845.patch: ensure that ReadUvarint
      reads a limited amount of data in src/encoding/binary/varint.go.
    - CVE-2020-16845
  * debian/control.in: Add gcc-10 and g++-10 as gcc-11 and g++-11 are
    the new default versions. DWARF5 is not compatible and is used by
    11 versions.
  * debian/rules: Enforce the use of gcc-10 and g++-10.

 -- David Fernandez Gonzalez <email address hidden>  Wed, 09 Nov 2022 16:10:42 +0100
Published in bionic-updates
Published in bionic-security
golang-1.13 (1.13.8-1ubuntu1~18.04.4) bionic-security; urgency=medium

  * SECURITY UPDATE: Infinite read loop via invalid inputs
    - debian/patches/CVE-2020-16845.patch: ensure that ReadUvarint
      reads a limited amount of data in src/encoding/binary/varint.go.
    - CVE-2020-16845

 -- David Fernandez Gonzalez <email address hidden>  Wed, 09 Nov 2022 11:26:09 +0100
Obsolete in kinetic-updates
Obsolete in kinetic-security
golang-1.13 (1.13.8-1ubuntu2.22.10.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: Infinite read loop via invalid inputs
    - debian/patches/CVE-2020-16845.patch: ensure that ReadUvarint
      reads a limited amount of data in src/encoding/binary/varint.go.
    - CVE-2020-16845
  * debian/control.in: Add gcc-10 and g++-10 as gcc-11 and g++-11 are
    the new default versions. DWARF5 is not compatible and is used by
    11 versions.
  * debian/rules: Enforce the use of gcc-10 and g++-10.

 -- David Fernandez Gonzalez <email address hidden>  Wed, 09 Nov 2022 11:27:25 +0100
Superseded in focal-updates
Superseded in focal-security
golang-1.13 (1.13.8-1ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: Infinite read loop via invalid inputs
    - debian/patches/CVE-2020-16845.patch: ensure that ReadUvarint
      reads a limited amount of data in src/encoding/binary/varint.go.
    - CVE-2020-16845

 -- David Fernandez Gonzalez <email address hidden>  Wed, 09 Nov 2022 11:28:24 +0100
Superseded in bionic-updates
Superseded in bionic-security
golang-1.13 (1.13.8-1ubuntu1~18.04.3) bionic-security; urgency=medium

  * No change rebuild

 -- Eduardo Barretto <email address hidden>  Mon, 17 May 2021 13:01:29 +0200
Published in xenial-updates
Deleted in xenial-proposed (Reason: moved to -updates)
golang-1.13 (1.13.8-1ubuntu1~16.04.3) xenial; urgency=medium

  * Workaround a debhelper/binutils combo bug on Xenial where compress/zlib.a
    gets stripped, which mangles it. (LP: #1913852)

 -- Michael Hudson-Doyle <email address hidden>  Thu, 11 Feb 2021 14:39:49 +1300
Superseded in bionic-updates
Deleted in bionic-proposed (Reason: moved to -updates)
golang-1.13 (1.13.8-1ubuntu1~18.04.2) bionic; urgency=medium

   * Don't declare Breaks: on dh-golang (<< 1.43~) in golang-go
     Packages using this golang version should work around the incompatibility
     in debian/rules by setting GOCACHE to an absolute path:
     export GOCACHE := ${CURDIR}/_build/go-build

Superseded in xenial-updates
Deleted in xenial-proposed (Reason: moved to -updates)
golang-1.13 (1.13.8-1ubuntu1~16.04.2) xenial; urgency=medium

  * Don't declare Breaks: on dh-golang (<< 1.43~) in golang-go
    Packages using this golang version should work around the incompatibility
    in debian/rules by setting GOCACHE to an absolute path:
     export GOCACHE := ${CURDIR}/_build/go-build

Superseded in bionic-proposed
golang-1.13 (1.13.8-1ubuntu1~18.04.1) bionic; urgency=medium

  * Backport to 18.04. (LP: #1911478)
  * Relax debhelper requirement.

 -- Michael Hudson-Doyle <email address hidden>  Thu, 14 Jan 2021 13:36:04 +1300
Superseded in xenial-proposed
golang-1.13 (1.13.8-1ubuntu1~16.04.1) xenial; urgency=medium

  * Backport to 16.04. (LP: #1911478)
  * Relax debhelper requirement.

 -- Michael Hudson-Doyle <email address hidden>  Thu, 14 Jan 2021 13:33:26 +1300
Superseded in lunar-release
Obsolete in kinetic-release
Published in jammy-release
Obsolete in impish-release
Obsolete in hirsute-release
Superseded in hirsute-release
Superseded in hirsute-release
Superseded in hirsute-release
Obsolete in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
golang-1.13 (1.13.8-1ubuntu2) groovy; urgency=medium

  * Apply applicable parts of https://go-review.googlesource.com/c/go/+/262357/
    to fix build on arm64.

 -- Michael Hudson-Doyle <email address hidden>  Thu, 15 Oct 2020 21:55:17 +1300
Superseded in groovy-release
Superseded in groovy-release
Superseded in groovy-release
Published in focal-release
Deleted in focal-proposed (Reason: moved to Release)
golang-1.13 (1.13.8-1ubuntu1) focal; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - cherry-pick upstream build fixes from 1.14 branch
    - debian/patches/d3595f71712ce1b322f754ef985005e87fac6d44.patch:
    - debian/patches/5d548f1243df8d586a03df085b40299f1e427fb1.patch:

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
golang-1.13 (1.13.7-1ubuntu1) focal; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - cherry-pick upstream build fixes from 1.14 branch
    - debian/patches/d3595f71712ce1b322f754ef985005e87fac6d44.patch:
    - debian/patches/5d548f1243df8d586a03df085b40299f1e427fb1.patch:

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
golang-1.13 (1.13.6-2ubuntu1) focal; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - cherry-pick upstream build fixes from 1.14 branch
    - debian/patches/d3595f71712ce1b322f754ef985005e87fac6d44.patch:
    - debian/patches/5d548f1243df8d586a03df085b40299f1e427fb1.patch:

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
golang-1.13 (1.13.6-1ubuntu1) focal; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - cherry-pick upstream build fixes from 1.14 branch
    - debian/patches/d3595f71712ce1b322f754ef985005e87fac6d44.patch:
    - debian/patches/5d548f1243df8d586a03df085b40299f1e427fb1.patch:

Superseded in focal-proposed
golang-1.13 (1.13.6-1) unstable; urgency=medium

  * New upstream version 1.13.6

 -- Dr. Tobias Quathamer <email address hidden>  Thu, 09 Jan 2020 22:57:32 +0100
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
golang-1.13 (1.13.5-1ubuntu1) focal; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - cherry-pick upstream build fixes from 1.14 branch
    - debian/patches/d3595f71712ce1b322f754ef985005e87fac6d44.patch:
    - debian/patches/5d548f1243df8d586a03df085b40299f1e427fb1.patch:

Superseded in focal-proposed
golang-1.13 (1.13.5-1) unstable; urgency=medium

  * New upstream version 1.13.5

 -- Dr. Tobias Quathamer <email address hidden>  Thu, 05 Dec 2019 12:27:21 +0100
Superseded in focal-release
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
golang-1.13 (1.13.4-1ubuntu1) focal; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - cherry-pick upstream build fixes from 1.14 branch
    - debian/patches/d3595f71712ce1b322f754ef985005e87fac6d44.patch:
    - debian/patches/5d548f1243df8d586a03df085b40299f1e427fb1.patch:

Superseded in focal-proposed
golang-1.13 (1.13.4-1) unstable; urgency=medium

  * New upstream version 1.13.4
    - Refresh patches

 -- Dr. Tobias Quathamer <email address hidden>  Fri, 01 Nov 2019 21:07:16 +0100
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
golang-1.13 (1.13.3-1ubuntu1) focal; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - cherry-pick upstream build fixes from 1.14 branch
    - debian/patches/d3595f71712ce1b322f754ef985005e87fac6d44.patch:
    - debian/patches/5d548f1243df8d586a03df085b40299f1e427fb1.patch:

Superseded in focal-release
Obsolete in eoan-release
Deleted in eoan-proposed (Reason: moved to Release)
golang-1.13 (1.13.1-1ubuntu1) eoan; urgency=medium

  * Merge from Debian unstable.  Remaining changes:
    - cherry-pick upstream build fixes from 1.14 branch
    - debian/patches/d3595f71712ce1b322f754ef985005e87fac6d44.patch:
    - debian/patches/5d548f1243df8d586a03df085b40299f1e427fb1.patch:

Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
golang-1.13 (1.13-1ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Skip a test that fails on Ubuntu/chroot
      environments (See upstream issue linked to the patch)

Superseded in eoan-proposed
golang-1.13 (1.13-1) unstable; urgency=medium

  * New upstream version 1.13
    - Refresh patch
  * Set pristine-tar for gbp to False

 -- Dr. Tobias Quathamer <email address hidden>  Wed, 04 Sep 2019 11:28:07 +0200
Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
golang-1.13 (1.13~rc2-1ubuntu1) eoan; urgency=medium

  * Skip a test that fails on Ubuntu/chroot
    environments (See upstream issue linked to the patch)

 -- Gianfranco Costamagna <email address hidden>  Mon, 02 Sep 2019 09:30:25 +0200
Superseded in eoan-proposed
golang-1.13 (1.13~rc2-1) unstable; urgency=medium

  * New upstream version 1.13~rc2
    - Remove patch for CVE-2019-9512 and CVE-2019-9514,
      has been applied upstream

 -- Dr. Tobias Quathamer <email address hidden>  Fri, 30 Aug 2019 13:29:21 +0200

Superseded in eoan-proposed
golang-1.13 (1.13~rc1-2) unstable; urgency=medium

  * Exclude testdata from dh_makeshlibs.
    Otherwise, the build fails at least on armel and armhf.
  * Apply changes from cme fix dpkg
  * Set Rules-Requires-Root: no

 -- Dr. Tobias Quathamer <email address hidden>  Thu, 22 Aug 2019 15:21:10 +0200

Superseded in eoan-proposed
golang-1.13 (1.13~beta1-3) unstable; urgency=high

  * Fix Denial of Service vulnerabilities in the HTTP/2 implementation.
    https://github.com/golang/go/issues/33631
    CVE-2019-9512, CVE-2019-9514. Closes: #934955
  * Fix multiple Parsing Issues in URL.Parse
    https://github.com/golang/go/issues/29098
    CVE-2019-14809. Closes: #934954

 -- Dr. Tobias Quathamer <email address hidden>  Sat, 17 Aug 2019 23:47:53 +0200

Superseded in eoan-proposed
golang-1.13 (1.13~beta1-2) unstable; urgency=medium

  * Set GOCACHE to fix a FTBFS. (See bug #933958)

 -- Dr. Tobias Quathamer <email address hidden>  Fri, 09 Aug 2019 16:40:13 +0200

Superseded in eoan-proposed
golang-1.13 (1.13~beta1-1) unstable; urgency=medium

  * New upstream major version.
    - Remove Reproducible-BUILD_PATH_PREFIX_MAP.patch.
      This patch is finally no longer needed with Go 1.13.
      Upstream has implemented a new flag "-trimpath" for the
      command "go build" which either strips the path or
      replaces it in the resulting binaries.
      References:
      https://github.com/golang/go/issues/16860
      https://go-review.googlesource.com/c/go/+/173345/
      https://go-review.googlesource.com/c/go/+/173344/
    - Remove arm64-arm64asm-recognise-new-ssbb-pssbb-mnemonics-fr.patch.
      This patch has been cherry-picked from upstream and is now included.
    - Refresh remaining patches
    - Fix lintian warning: make scripts executable
  * Switch to debhelper-compat, but stay at v11 for now

 -- Dr. Tobias Quathamer <email address hidden>  Thu, 01 Aug 2019 14:21:51 +0200