-
golang-1.19 (1.19.2-1ubuntu1.1) kinetic-security; urgency=medium
* SECURITY UPDATE: html injection vulnerability
- debian/patches/CVE-2023-24539.patch: disallow angle brackets in CSS
values
- debian/patches/CVE-2023-29400.patch: emit filterFailsafe for empty
unquoted attr value
- CVE-2023-24539
- CVE-2023-29400
* SECURITY UPDATE: javascript injection vulnerability
- debian/patches/CVE-2023-24540.patch: handle all JS whitespace
characters
- CVE-2023-24540
* SECURITY UPDATE: large handshake records cause panic
- debian/patches/CVE-2022-41724.patch: replace all usages of
BytesOrPanic
- CVE-2022-41724
* SECURITY UPDATE: denial of service from excessive resource consumption
- debian/patches/CVE-2022-41725.patch: imit memory/inode consumption of
ReadForm
- CVE-2022-41725
* SECURITY UPDATE: DoS issue due to panic
- debian/patches/CVE-2023-24534.patch: avoid overpredicting the number
of MIME header keys
- CVE-2023-24534
* SECURITY UPDATE: integer overflow issue
- debian/patches/CVE-2023-24537.patch: reject large line and column
number in //line directives
- CVE-2023-24537
* SECURITY UPDATE: code injection vulnerability
- debian/patches/CVE-2023-24538.patch: disallow actions in JS template
literals
- CVE-2023-24538
-- Nishit Majithia <email address hidden> Mon, 05 Jun 2023 09:49:37 +0530
-
golang-1.19 (1.19.2-1ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- 0001-cmd-link-check-CGO_CFLAGS-for-non-g-I-O-options-befo.patch
disable internal linking when dynamically linking and CGO_CFLAGS
contains flags that might make host object files that the internal
linkers ELF reader does not support. This fixes lots of package builds
when LTO is enabled by default via dpkg-buildflags.
- d/rules: Add NO_PNG_PKG_MANGLE to prevent a test file from being
compressed.
-- William 'jawn-smith' Wilson <email address hidden> Wed, 05 Oct 2022 15:02:12 -0500
-
golang-1.19 (1.19.1-1ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- 0001-cmd-link-check-CGO_CFLAGS-for-non-g-I-O-options-befo.patch
disable internal linking when dynamically linking and CGO_CFLAGS
contains flags that might make host object files that the internal
linkers ELF reader does not support. This fixes lots of package builds
when LTO is enabled by default via dpkg-buildflags.
- d/rules: Add NO_PNG_PKG_MANGLE to prevent a test file from being
compressed.
-- William 'jawn-smith' Wilson <email address hidden> Tue, 13 Sep 2022 15:08:37 -0500
-
golang-1.19 (1.19-1ubuntu2) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- 0001-cmd-link-check-CGO_CFLAGS-for-non-g-I-O-options-befo.patch
disable internal linking when dynamically linking and CGO_CFLAGS
contains flags that might make host object files that the internal
linkers ELF reader does not support. This fixes lots of package builds
when LTO is enabled by default via dpkg-buildflags.
- d/rules: Add NO_PNG_PKG_MANGLE to prevent a test file from being
compressed.
-- William 'jawn-smith' Wilson <email address hidden> Wed, 03 Aug 2022 09:04:08 -0500
-
golang-1.19 (1.19-1ubuntu1~ppa5) kinetic; urgency=medium
* Add CGO_FLAGS patch once again.
-- William 'jawn-smith' Wilson <email address hidden> Mon, 08 Aug 2022 17:44:06 -0500
-
golang-1.19 (1.19~rc2-1ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- 0001-cmd-link-check-CGO_CFLAGS-for-non-g-I-O-options-befo.patch
disable internal linking when dynamically linking and CGO_CFLAGS
contains flags that might make host object files that the internal
linkers ELF reader does not support. This fixes lots of package builds
when LTO is enabled by default via dpkg-buildflags.
- d/rules: Add NO_PNG_PKG_MANGLE to prevent a test file from being
compressed.
-- William 'jawn-smith' Wilson <email address hidden> Wed, 13 Jul 2022 16:21:52 -0500
-
golang-1.19 (1.19~rc1-1ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- 0001-cmd-link-check-CGO_CFLAGS-for-non-g-I-O-options-befo.patch
disable internal linking when dynamically linking and CGO_CFLAGS
contains flags that might make host object files that the internal
linkers ELF reader does not support. This fixes lots of package builds
when LTO is enabled by default via dpkg-buildflags.
- d/rules: Add NO_PNG_PKG_MANGLE to prevent a test file from being
compressed.
-- William 'jawn-smith' Wilson <email address hidden> Fri, 08 Jul 2022 09:58:02 -0500
-
golang-1.19 (1.19~beta1-1ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- 0001-cmd-link-check-CGO_CFLAGS-for-non-g-I-O-options-befo.patch
disable internal linking when dynamically linking and CGO_CFLAGS
contains flags that might make host object files that the internal
linkers ELF reader does not support. This fixes lots of package builds
when LTO is enabled by default via dpkg-buildflags.
- d/rules: Add NO_PNG_PKG_MANGLE to prevent a test file from being
compressed.
-- William 'jawn-smith' Wilson <email address hidden> Wed, 15 Jun 2022 09:31:28 -0500
-
golang-1.19 (1.19~beta1-1) unstable; urgency=medium
* New upstream version 1.19 beta1
-- William 'jawn-smith' Wilson <email address hidden> Fri, 10 Jun 2022 13:52:13 -0500