Ubuntu
golang-1.21 package

Change logs for golang-1.21 source package in Focal

Focal (20.04)
Change log

golang-1.21 (1.21.1-1~ubuntu20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: bypass directives restrictions
    - debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute file
      name in isCgo check
    - CVE-2023-39323
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2023-39325_44487.patch: http2: limit maximum
      handler goroutines to MaxConcurrentStreams
    - CVE-2023-39325
    - CVE-2023-44487
  * SECURITY UPDATE: out-of-bound read
    - debian/patches/CVE-2023-39326.patch: net/http: limit chunked data
      overhead
    - CVE-2023-39326
  * SECURITY UPDATE: bypass secure protocol
    - debian/patches/CVE-2023-45285.patch: error out if the requested repo
      does not support a secure protocol
    - CVE-2023-45285

 -- Nishit Majithia <email address hidden>  Mon, 08 Jan 2024 11:39:58 +0530

golang-1.21 (1.21.1-1~ubuntu20.04.1) focal; urgency=medium

  * Backport to Focal (LP: #2040269)
  * d/control{,.in}: downgrade debhelper compat level to 12
  * Build with Go 1.18
    + d/control{,.in}: use golang-1.18-go in Build-Depends
    + d/rules: use /usr/lib/go-1.18/bin/go to set GOROOT_BOOTSTRAP path

 -- Shengjing Zhu <email address hidden>  Wed, 25 Oct 2023 16:21:36 +0800

Ubuntugolang-1.21 package

Change logs for golang-1.21 source package in Focal

Ubuntu
golang-1.21 package