Change log for golang-1.19 package in Ubuntu
| 1 → 24 of 24 results | First • Previous • Next • Last |
| Deleted in mantic-release (Reason: Superseded, EOL, no revdeps; LP: #2009812) |
| Deleted in mantic-proposed (Reason: Moved to mantic) |
golang-1.19 (1.19.13-1) unstable; urgency=medium
* Team upload
* New upstream version 1.19.13
+ Improve backward compatibility for fixes of CVE-2023-29409
and CVE-2023-29406.
-- Shengjing Zhu <email address hidden> Thu, 07 Sep 2023 12:01:53 +0800
Available diffs
- diff from 1.19.12-2 to 1.19.13-1 (3.8 KiB)
| Superseded in mantic-release |
| Superseded in mantic-release |
| Deleted in mantic-proposed (Reason: Moved to mantic) |
golang-1.19 (1.19.12-2) unstable; urgency=medium * Team upload * Backport patch to fix link tests on riscv64 -- Shengjing Zhu <email address hidden> Fri, 04 Aug 2023 12:45:43 +0800
Available diffs
- diff from 1.19.12-1 to 1.19.12-2 (2.9 KiB)
golang-1.19 (1.19.12-1) unstable; urgency=medium
* Team upload
* New upstream version 1.19.12
+ CVE-2023-29409: crypto/tls: restrict RSA keys in certificates
to <= 8192 bits
-- Shengjing Zhu <email address hidden> Wed, 02 Aug 2023 11:34:17 +0800
Available diffs
- diff from 1.19.11-1 to 1.19.12-1 (6.6 KiB)
golang-1.19 (1.19.11-1) unstable; urgency=medium
* Team upload
* New upstream version 1.19.11
+ CVE-2023-29406: net/http: insufficient sanitization of Host header
* Add autopkgtest
-- Shengjing Zhu <email address hidden> Wed, 12 Jul 2023 13:53:19 +0800
Available diffs
- diff from 1.19.10-2 to 1.19.11-1 (13.4 KiB)
golang-1.19 (1.19.10-2) unstable; urgency=medium * Team upload * Upload to unstable -- Shengjing Zhu <email address hidden> Thu, 15 Jun 2023 17:47:17 +0800
Available diffs
- diff from 1.19.10-1 to 1.19.10-2 (297 bytes)
golang-1.19 (1.19.10-1) experimental; urgency=medium
* Team upload
* New upstream version 1.19.10
+ CVE-2023-29402: cmd/go: cgo code injection
+ CVE-2023-29403: runtime: unexpected behavior of setuid/setgid binaries
+ CVE-2023-29404/CVE-2023-29405: cmd/go: improper sanitization of LDFLAGS
-- Shengjing Zhu <email address hidden> Wed, 07 Jun 2023 12:28:33 +0800
Available diffs
- diff from 1.19.9-1 to 1.19.10-1 (19.5 KiB)
golang-1.19 (1.19.8-1ubuntu0.1) lunar-security; urgency=medium
* SECURITY UPDATE: html injection vulnerability
- debian/patches/CVE-2023-24539.patch: disallow angle brackets in CSS
values
- debian/patches/CVE-2023-29400.patch: emit filterFailsafe for empty
unquoted attr value
- CVE-2023-24539
- CVE-2023-29400
* SECURITY UPDATE: javascript injection vulnerability
- debian/patches/CVE-2023-24540.patch: handle all JS whitespace
characters
- CVE-2023-24540
-- Nishit Majithia <email address hidden> Mon, 05 Jun 2023 15:11:27 +0530
Available diffs
golang-1.19 (1.19.2-1ubuntu1.1) kinetic-security; urgency=medium
* SECURITY UPDATE: html injection vulnerability
- debian/patches/CVE-2023-24539.patch: disallow angle brackets in CSS
values
- debian/patches/CVE-2023-29400.patch: emit filterFailsafe for empty
unquoted attr value
- CVE-2023-24539
- CVE-2023-29400
* SECURITY UPDATE: javascript injection vulnerability
- debian/patches/CVE-2023-24540.patch: handle all JS whitespace
characters
- CVE-2023-24540
* SECURITY UPDATE: large handshake records cause panic
- debian/patches/CVE-2022-41724.patch: replace all usages of
BytesOrPanic
- CVE-2022-41724
* SECURITY UPDATE: denial of service from excessive resource consumption
- debian/patches/CVE-2022-41725.patch: imit memory/inode consumption of
ReadForm
- CVE-2022-41725
* SECURITY UPDATE: DoS issue due to panic
- debian/patches/CVE-2023-24534.patch: avoid overpredicting the number
of MIME header keys
- CVE-2023-24534
* SECURITY UPDATE: integer overflow issue
- debian/patches/CVE-2023-24537.patch: reject large line and column
number in //line directives
- CVE-2023-24537
* SECURITY UPDATE: code injection vulnerability
- debian/patches/CVE-2023-24538.patch: disallow actions in JS template
literals
- CVE-2023-24538
-- Nishit Majithia <email address hidden> Mon, 05 Jun 2023 09:49:37 +0530
Available diffs
golang-1.19 (1.19.9-1) experimental; urgency=medium
* Team upload
* New upstream version 1.19.9
+ CVE-2023-24539: html/template: improper sanitization of CSS values
+ CVE-2023-24540: html/template: improper handling of JavaScript whitespace
+ CVE-2023-29400: html/template: improper handling of empty HTML attributes
-- Shengjing Zhu <email address hidden> Wed, 03 May 2023 15:08:50 +0800
Available diffs
- diff from 1.19.8-2 to 1.19.9-1 (15.6 KiB)
golang-1.19 (1.19.8-2) unstable; urgency=medium * Team upload * Upload to unstable -- Shengjing Zhu <email address hidden> Fri, 07 Apr 2023 15:12:06 +0800
Available diffs
- diff from 1.19.8-1 to 1.19.8-2 (293 bytes)
| Superseded in mantic-release |
| Published in lunar-release |
| Deleted in lunar-proposed (Reason: Moved to lunar) |
golang-1.19 (1.19.8-1) experimental; urgency=medium
* Team upload
* New upstream version 1.19.8
+ CVE-2023-24537: go/parser: infinite loop in parsing
+ CVE-2023-24538: html/template: backticks not treated as string delimiters
+ CVE-2023-24534: net/http, net/textproto: denial of service from excessive
memory allocation
+ CVE-2023-24536: net/http, net/textproto, mime/multipart: denial of
service from excessive resource consumption
-- Shengjing Zhu <email address hidden> Wed, 05 Apr 2023 02:15:56 +0800
Available diffs
- diff from 1.19.7-1 to 1.19.8-1 (18.5 KiB)
golang-1.19 (1.19.7-1) experimental; urgency=medium
* Team upload
* New upstream version 1.19.7
+ CVE-2023-24532: crypto/elliptic: incorrect P-256 ScalarMult and
ScalarBaseMult results
-- Shengjing Zhu <email address hidden> Wed, 08 Mar 2023 13:54:08 +0800
Available diffs
- diff from 1.19.6-2 to 1.19.7-1 (22.3 KiB)
golang-1.19 (1.19.6-2) unstable; urgency=medium * Team upload * Upload to unstable -- Shengjing Zhu <email address hidden> Fri, 17 Feb 2023 17:56:44 +0800
Available diffs
- diff from 1.19.4-1ubuntu1 (in Ubuntu) to 1.19.6-2 (40.0 KiB)
- diff from 1.19.6-1 to 1.19.6-2 (292 bytes)
golang-1.19 (1.19.6-1) experimental; urgency=medium
* Team upload
* New upstream version 1.19.6
+ CVE-2022-41722: path/filepath: path traversal in filepath.Clean on
Windows
+ CVE-2022-41725: net/http, mime/multipart: denial of service from
excessive resource consumption
+ CVE-2022-41724: crypto/tls: large handshake records may cause panics
+ CVE-2022-41723: net/http: avoid quadratic complexity in HPACK decoding
-- Shengjing Zhu <email address hidden> Wed, 15 Feb 2023 10:09:02 +0800
Available diffs
golang-1.19 (1.19.4-1ubuntu1) lunar; urgency=medium
* Merge from Debian unstable. Remaining changes:
- 0001-cmd-link-check-CGO_CFLAGS-for-non-g-I-O-options-befo.patch
disable internal linking when dynamically linking and CGO_CFLAGS
contains flags that might make host object files that the internal
linkers ELF reader does not support. This fixes lots of package builds
when LTO is enabled by default via dpkg-buildflags.
- d/rules: Add NO_PNG_PKG_MANGLE to prevent a test file from being
compressed.
-- William 'jawn-smith' Wilson <email address hidden> Mon, 12 Dec 2022 09:24:12 -0600
Available diffs
- diff from 1.19.3-1ubuntu1 to 1.19.4-1ubuntu1 (16.5 KiB)
golang-1.19 (1.19.3-1ubuntu1) lunar; urgency=medium
* Merge from Debian unstable. Remaining changes:
- 0001-cmd-link-check-CGO_CFLAGS-for-non-g-I-O-options-befo.patch
disable internal linking when dynamically linking and CGO_CFLAGS
contains flags that might make host object files that the internal
linkers ELF reader does not support. This fixes lots of package builds
when LTO is enabled by default via dpkg-buildflags.
- d/rules: Add NO_PNG_PKG_MANGLE to prevent a test file from being
compressed.
-- William 'jawn-smith' Wilson <email address hidden> Tue, 15 Nov 2022 12:19:06 -0600
Available diffs
| Superseded in lunar-release |
| Obsolete in kinetic-release |
| Deleted in kinetic-proposed (Reason: Moved to kinetic) |
golang-1.19 (1.19.2-1ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- 0001-cmd-link-check-CGO_CFLAGS-for-non-g-I-O-options-befo.patch
disable internal linking when dynamically linking and CGO_CFLAGS
contains flags that might make host object files that the internal
linkers ELF reader does not support. This fixes lots of package builds
when LTO is enabled by default via dpkg-buildflags.
- d/rules: Add NO_PNG_PKG_MANGLE to prevent a test file from being
compressed.
-- William 'jawn-smith' Wilson <email address hidden> Wed, 05 Oct 2022 15:02:12 -0500
Available diffs
- diff from 1.19.1-1ubuntu1 to 1.19.2-1ubuntu1 (12.2 KiB)
golang-1.19 (1.19.1-1ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- 0001-cmd-link-check-CGO_CFLAGS-for-non-g-I-O-options-befo.patch
disable internal linking when dynamically linking and CGO_CFLAGS
contains flags that might make host object files that the internal
linkers ELF reader does not support. This fixes lots of package builds
when LTO is enabled by default via dpkg-buildflags.
- d/rules: Add NO_PNG_PKG_MANGLE to prevent a test file from being
compressed.
-- William 'jawn-smith' Wilson <email address hidden> Tue, 13 Sep 2022 15:08:37 -0500
Available diffs
- diff from 1.19-1ubuntu2 to 1.19.1-1ubuntu1 (21.4 KiB)
| Superseded in kinetic-release |
| Superseded in kinetic-release |
| Deleted in kinetic-proposed (Reason: Moved to kinetic) |
golang-1.19 (1.19-1ubuntu2) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- 0001-cmd-link-check-CGO_CFLAGS-for-non-g-I-O-options-befo.patch
disable internal linking when dynamically linking and CGO_CFLAGS
contains flags that might make host object files that the internal
linkers ELF reader does not support. This fixes lots of package builds
when LTO is enabled by default via dpkg-buildflags.
- d/rules: Add NO_PNG_PKG_MANGLE to prevent a test file from being
compressed.
-- William 'jawn-smith' Wilson <email address hidden> Wed, 03 Aug 2022 09:04:08 -0500
Available diffs
- diff from 1.19~rc2-1ubuntu1 to 1.19-1ubuntu2 (99.9 KiB)
- diff from 1.19-1ubuntu1~ppa5 to 1.19-1ubuntu2 (535 bytes)
| Superseded in kinetic-proposed |
golang-1.19 (1.19-1ubuntu1~ppa5) kinetic; urgency=medium * Add CGO_FLAGS patch once again. -- William 'jawn-smith' Wilson <email address hidden> Mon, 08 Aug 2022 17:44:06 -0500
Available diffs
golang-1.19 (1.19~rc2-1ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- 0001-cmd-link-check-CGO_CFLAGS-for-non-g-I-O-options-befo.patch
disable internal linking when dynamically linking and CGO_CFLAGS
contains flags that might make host object files that the internal
linkers ELF reader does not support. This fixes lots of package builds
when LTO is enabled by default via dpkg-buildflags.
- d/rules: Add NO_PNG_PKG_MANGLE to prevent a test file from being
compressed.
-- William 'jawn-smith' Wilson <email address hidden> Wed, 13 Jul 2022 16:21:52 -0500
Available diffs
golang-1.19 (1.19~rc1-1ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- 0001-cmd-link-check-CGO_CFLAGS-for-non-g-I-O-options-befo.patch
disable internal linking when dynamically linking and CGO_CFLAGS
contains flags that might make host object files that the internal
linkers ELF reader does not support. This fixes lots of package builds
when LTO is enabled by default via dpkg-buildflags.
- d/rules: Add NO_PNG_PKG_MANGLE to prevent a test file from being
compressed.
-- William 'jawn-smith' Wilson <email address hidden> Fri, 08 Jul 2022 09:58:02 -0500
Available diffs
golang-1.19 (1.19~beta1-1ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- 0001-cmd-link-check-CGO_CFLAGS-for-non-g-I-O-options-befo.patch
disable internal linking when dynamically linking and CGO_CFLAGS
contains flags that might make host object files that the internal
linkers ELF reader does not support. This fixes lots of package builds
when LTO is enabled by default via dpkg-buildflags.
- d/rules: Add NO_PNG_PKG_MANGLE to prevent a test file from being
compressed.
-- William 'jawn-smith' Wilson <email address hidden> Wed, 15 Jun 2022 09:31:28 -0500
Available diffs
golang-1.19 (1.19~beta1-1) unstable; urgency=medium * New upstream version 1.19 beta1 -- William 'jawn-smith' Wilson <email address hidden> Fri, 10 Jun 2022 13:52:13 -0500
| 1 → 24 of 24 results | First • Previous • Next • Last |
