golang-1.17 1.17.13-3ubuntu1.2 source package in Ubuntu

Changelog

golang-1.17 (1.17.13-3ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Code Injection, XSS, Denial of Service
    - debian/patches/CVE-2023-24531.patch: cmd/go: sanitize go env
      outputs
    - debian/patches/CVE-2023-24538.patch: html/template: disallow
      actions in JS template literals
    - debian/patches/CVE-2023-29402.patch: cmd/go: disallow package
      directories containing newlines
    - debian/patches/CVE-2023-29403.patch: runtime: implement SUID/SGID
      protections. Thanks to Tang Xi from OpenEuler for the backport.
    - debian/patches/CVE-2023-29404.patch: cmd/go: enforce flags with
      non-optional arguments
    - debian/patches/CVE-2023-29405-1.patch: cmd/go,cmd/cgo: in
      _cgo_flags use one line per flag
    - debian/patches/CVE-2023-29405-2.patch: cmd/cgo: correct
      _cgo_flags output
    - debian/patches/CVE-2023-29406.patch: net/http: validate Host
      header before sending
    - debian/patches/CVE-2023-39318.patch: html/template: support
      HTML-like comments in script contexts
    - debian/patches/CVE-2023-39319.patch: html/template: properly
      handle special tags within the script context
    - debian/patches/CVE-2023-39325.patch: net/http: regenerate
      h2_bundle.go
    - debian/patches/CVE-2024-24785.patch: html/template: escape
      additional tokens in MarshalJSON errors
    - CVE-2023-24531
    - CVE-2023-24538
    - CVE-2023-29402
    - CVE-2023-29403
    - CVE-2023-29404
    - CVE-2023-29405
    - CVE-2023-29406
    - CVE-2023-39318
    - CVE-2023-39319
    - CVE-2023-39325
    - CVE-2024-24785
  * debian/patches/0007-backport-syscall-package-1.patch,
    debian/patches/0008-backport-syscall-package-2.patch,
    debian/patches/0009-backport-syscall-package-3.patch,
    debian/patches/0010-backport-syscall-package-4.patch,
    debian/patches/0011-backport-syscall-package-5.patch,
    debian/patches/0012-backport-syscall-package-6.patch: backport
    syscall pacakge for the fix for CVE-2023-29403 from upstream.

 -- Allen Huang <email address hidden>  Tue, 24 Sep 2024 14:26:38 +0100

Upload details

Uploaded by:
Allen Huang
Uploaded to:
Jammy
Original maintainer:
Ubuntu Developers
Architectures:
amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64 ppc64el riscv64 s390x all
Section:
golang
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
golang-1.17_1.17.13.orig.tar.gz 21.2 MiB a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd
golang-1.17_1.17.13.orig.tar.gz.asc 819 bytes bb64ccde19f26f76031d05ff52e813d75970220be12f1aca61eddfe9f3b009f0
golang-1.17_1.17.13-3ubuntu1.2.debian.tar.xz 73.9 KiB 0e60730f55e440f9080955a6229a65f7258da3bf1669e6d83882da0a526b7c2c
golang-1.17_1.17.13-3ubuntu1.2.dsc 2.9 KiB cc5af06ac01f88260ee1005baa202b605ccc66f1028416dfc8d7cddafad05eb3

View changes file

Binary packages built by this source

golang-1.17: Go programming language compiler - metapackage

 The Go programming language is an open source project to make
 programmers more productive. Go is expressive, concise, clean, and
 efficient. Its concurrency mechanisms make it easy to write programs
 that get the most out of multicore and networked machines, while its
 novel type system enables flexible and modular program construction.
 Go compiles quickly to machine code yet has the convenience of
 garbage collection and the power of run-time reflection. It's a
 fast, statically typed, compiled language that feels like a
 dynamically typed, interpreted language.
 .
 This package is a metapackage that, when installed, guarantees
 that (most of) a full Go development environment is installed.
 .
 To use this version, instead of the default one provided by golang-go
 package, add /usr/lib/go-1.17/bin/ to PATH, or invoke /usr/lib/go-1.17/bin/go
 directly.

golang-1.17-doc: Go programming language - documentation

 The Go programming language is an open source project to make
 programmers more productive. Go is expressive, concise, clean, and
 efficient. Its concurrency mechanisms make it easy to write programs
 that get the most out of multicore and networked machines, while its
 novel type system enables flexible and modular program construction.
 Go compiles quickly to machine code yet has the convenience of
 garbage collection and the power of run-time reflection. It's a fast,
 statically typed, compiled language that feels like a dynamically
 typed, interpreted language.
 .
 This package provides the documentation for the Go programming
 language.

golang-1.17-go: Go programming language compiler, linker, compiled stdlib

 The Go programming language is an open source project to make programmers more
 productive. Go is expressive, concise, clean, and efficient. Its concurrency
 mechanisms make it easy to write programs that get the most out of multicore
 and networked machines, while its novel type system enables flexible and
 modular program construction. Go compiles quickly to machine code yet has the
 convenience of garbage collection and the power of run-time reflection. It's a
 fast, statically typed, compiled language that feels like a dynamically typed,
 interpreted language.
 .
 This package provides an assembler, compiler, linker, and compiled libraries
 for the Go programming language.
 .
 To use this version, instead of the default one provided by golang-go package,
 add /usr/lib/go-1.17/bin/ to PATH, or invoke /usr/lib/go-1.17/bin/go directly.

golang-1.17-go-dbgsym: debug symbols for golang-1.17-go
golang-1.17-src: Go programming language - source files

 The Go programming language is an open source project to make programmers more
 productive. Go is expressive, concise, clean, and efficient. Its concurrency
 mechanisms make it easy to write programs that get the most out of multicore
 and networked machines, while its novel type system enables flexible and
 modular program construction. Go compiles quickly to machine code yet has the
 convenience of garbage collection and the power of run-time reflection. It's a
 fast, statically typed, compiled language that feels like a dynamically typed,
 interpreted language.
 .
 This package provides the Go programming language source files needed for
 compilation.