golang-1.13 1.13.8-1ubuntu1.2 source package in Ubuntu
Changelog
golang-1.13 (1.13.8-1ubuntu1.2) focal-security; urgency=medium
* SECURITY UPDATE: http request smuggling issue
- debian/patches/CVE-2022-1705.patch: don't strip whitespace from
Transfer-Encoding headers.
- CVE-2022-1705
* SECURITY UPDATE: DoS issue due to panic
- debian/patches/CVE-2022-27664.patch: update bundled golang.org/x/net/http2.
- debian/patches/CVE-2022-28131.patch: use iterative Skip, rather than
recursive.
- debian/patches/CVE-2022-30631.patch: fix stack exhaustion bug in
Reader.Read.
- debian/patches/CVE-2022-30632.patch: fix stack exhaustion in Glob.
- debian/patches/CVE-2022-30633.patch: limit depth of nesting in unmarshal.
- debian/patches/CVE-2022-30635.patch: add a depth limit for ignored fields.
- debian/patches/CVE-2022-32189.patch: check buffer lengths in GobDecode.
- debian/patches/CVE-2022-41717.patch: update bundled golang.org/x/net/http2.
- debian/patches/CVE-2023-24534.patch: avoid overpredicting the number of
MIME header keys.
- CVE-2022-27664
- CVE-2022-28131
- CVE-2022-30631
- CVE-2022-30632
- CVE-2022-30633
- CVE-2022-30635
- CVE-2022-32189
- CVE-2022-41717
- CVE-2023-24534
* SECURITY UPDATE: out-of-bound read issue
- debian/patches/CVE-2022-2879.patch: limit size of headers.
- debian/source/include-binaries: add test file bz2
pax-bad-hdr-large.tar.bz2.
- CVE-2022-2879
* SECURITY UPDATE: query parameter smuggling issue in Go proxy
- debian/patches/CVE-2022-2880-pre.patch: reject query values with
semicolons.
- debian/patches/CVE-2022-2880.patch: avoid query parameter smuggling.
- CVE-2022-2880
* SECURITY UPDATE: tls session takeover vulnerability
- debian/patches/CVE-2022-30629.patch: randomly generate ticket_age_add.
- CVE-2022-30629
* SECURITY UPDATE: sensitive information exposure
- debian/patches/CVE-2022-32148.patch: preserve nil values in Header.Clone.
- CVE-2022-32148
* SECURITY UPDATE: integer overflow issue
- debian/patches/CVE-2023-24537.patch: reject large line and column number
in //line directives.
- CVE-2023-24537
* SECURITY UPDATE: code injection vulnerability
- debian/patches/CVE-2023-24538.patch: disallow actions in JS template
literals.
- CVE-2023-24538
-- David Fernandez Gonzalez <email address hidden> Wed, 03 Jan 2024 12:35:19 +0100
Upload details
- Uploaded by:
- David Fernandez Gonzalez
- Uploaded to:
- Focal
- Original maintainer:
- Ubuntu Developers
- Architectures:
- amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64 ppc64el s390x all
- Section:
- devel
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Focal | updates | main | misc | |
| Focal | security | main | misc |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| golang-1.13_1.13.8.orig.tar.gz | 20.6 MiB | fb18da215aa3492ce190ca741e977a87e4783eb75275affa606e37629ca00626 |
| golang-1.13_1.13.8-1ubuntu1.2.debian.tar.xz | 59.0 KiB | b59245989c5dc7aec6c13a776c4170b644451cf9458aa24f128a7e84decefb77 |
| golang-1.13_1.13.8-1ubuntu1.2.dsc | 2.7 KiB | e423d081a0149061f2ac9e63005fdca80cd6952995625c6792227391ece0e7d4 |
Available diffs
Binary packages built by this source
- golang-1.13: Go programming language compiler - metapackage
The Go programming language is an open source project to make
programmers more productive. Go is expressive, concise, clean, and
efficient. Its concurrency mechanisms make it easy to write programs
that get the most out of multicore and networked machines, while its
novel type system enables flexible and modular program construction.
Go compiles quickly to machine code yet has the convenience of
garbage collection and the power of run-time reflection. It's a
fast, statically typed, compiled language that feels like a
dynamically typed, interpreted language.
.
This package is a metapackage that, when installed, guarantees
that (most of) a full Go development environment is installed.
- golang-1.13-doc: Go programming language - documentation
The Go programming language is an open source project to make
programmers more productive. Go is expressive, concise, clean, and
efficient. Its concurrency mechanisms make it easy to write programs
that get the most out of multicore and networked machines, while its
novel type system enables flexible and modular program construction.
Go compiles quickly to machine code yet has the convenience of
garbage collection and the power of run-time reflection. It's a fast,
statically typed, compiled language that feels like a dynamically
typed, interpreted language.
.
This package provides the documentation for the Go programming
language. You can view the formatted documentation by running
"godoc --http=:6060", and then visiting
http://localhost: 6060/doc/ install. html.
- golang-1.13-go: Go programming language compiler, linker, compiled stdlib
The Go programming language is an open source project to make programmers more
productive. Go is expressive, concise, clean, and efficient. Its concurrency
mechanisms make it easy to write programs that get the most out of multicore
and networked machines, while its novel type system enables flexible and
modular program construction. Go compiles quickly to machine code yet has the
convenience of garbage collection and the power of run-time reflection. It's a
fast, statically typed, compiled language that feels like a dynamically typed,
interpreted language.
.
This package provides an assembler, compiler, linker, and compiled libraries
for the Go programming language.
.
Go supports cross-compilation, but as of Go 1.5, it is no longer necessary to
pre-compile the standard library inside GOROOT for cross-compilation to work.
- golang-1.13-go-dbgsym: debug symbols for golang-1.13-go
- golang-1.13-src: Go programming language - source files
The Go programming language is an open source project to make programmers more
productive. Go is expressive, concise, clean, and efficient. Its concurrency
mechanisms make it easy to write programs that get the most out of multicore
and networked machines, while its novel type system enables flexible and
modular program construction. Go compiles quickly to machine code yet has the
convenience of garbage collection and the power of run-time reflection. It's a
fast, statically typed, compiled language that feels like a dynamically typed,
interpreted language.
.
This package provides the Go programming language source files needed for
cross-compilation.
