-
golang-1.18 (1.18.1-1ubuntu1~18.04.4) bionic-security; urgency=medium
* SECURITY UPDATE: http request smuggling issue
- debian/patches/CVE-2022-1705.patch: don't strip whitespace from
Transfer-Encoding headers
- CVE-2022-1705
* SECURITY UPDATE: DoS issue due to panic
- debian/patches/CVE-2022-1962.patch: limit recursion depth
- debian/patches/CVE-2022-27664.patch: update bundled golang.org/x/net/http2
- debian/patches/CVE-2022-28131.patch: use iterative Skip, rather than
recursive
- debian/patches/CVE-2022-30630.patch: fix stack exhaustion in Glob
- debian/patches/CVE-2022-30631.patch: fix stack exhaustion bug in
Reader.Read
- debian/patches/CVE-2022-30632.patch: fix stack exhaustion in Glob
- debian/patches/CVE-2022-30633.patch: limit depth of nesting in unmarshal
- debian/patches/CVE-2022-30635.patch: add a depth limit for ignored fields
- debian/patches/CVE-2022-32189.patch: check buffer lengths in GobDecode
- debian/patches/CVE-2022-41715.patch: limit size of parsed regexps
- debian/patches/CVE-2022-41717.patch: update bundled golang.org/x/net/http2
- debian/patches/CVE-2023-24534.patch: avoid overpredicting the number of
MIME header keys
- CVE-2022-1962
- CVE-2022-27664
- CVE-2022-28131
- CVE-2022-30630
- CVE-2022-30631
- CVE-2022-30632
- CVE-2022-30633
- CVE-2022-30635
- CVE-2022-32189
- CVE-2022-41715
- CVE-2022-41717
- CVE-2023-24534
* SECURITY UPDATE: out-of-bound read issue
- debian/patches/CVE-2022-2879.patch: limit size of headers
- CVE-2022-2879
* SECURITY UPDATE: query parameter smuggling issue in Go proxy
- debian/patches/CVE-2022-2880.patch: avoid query parameter smuggling
- CVE-2022-2880
* SECURITY UPDATE: Incorrect privilege assignment issue
- debian/patches/CVE-2022-29526.patch: check correct group in Faccessat
- CVE-2022-29526
* SECURITY UPDATE: tls session takeover vulnerability
- debian/patches/CVE-2022-30629.patch: randomly generate ticket_age_add
- CVE-2022-30629
* SECURITY UPDATE: sensitive information exposure
- debian/patches/CVE-2022-32148.patch: preserve nil values in Header.Clone
- CVE-2022-32148
* SECURITY UPDATE: integer overflow issue
- debian/patches/CVE-2023-24537.patch: reject large line and column number
in //line directives
- CVE-2023-24537
* SECURITY UPDATE: code injection vulnerability
- debian/patches/CVE-2023-24538.patch: disallow actions in JS template
literals
- debian/patches/godebug_dep_test_error.patch: fix test dependency error
- CVE-2023-24538
-- Nishit Majithia <email address hidden> Mon, 24 Apr 2023 11:12:55 +0530
-
golang-1.18 (1.18.1-1ubuntu1~18.04.3) bionic; urgency=medium
* d/control: remove Breaks: dh-golang (<< 1.43~).
dh-golang/1.34.2 is available in Bionic. If you need any feature from
newer dh-golang please try to implement it directly in the affected
package. As reference take a look at LP #1967425.
golang-1.18 (1.18.1-1ubuntu1~18.04.2) bionic; urgency=medium
* d/rules: stop using debhelper 12/13 execute_{after,before}_ overrides.
golang-1.18 (1.18.1-1ubuntu1~18.04.1) bionic; urgency=medium
* Backport to Bionic (LP: #1977860).
- Downgrade debhelper compat level to 11.
-- Lucas Kanashiro <email address hidden> Thu, 08 Dec 2022 11:41:22 -0300
-
golang-1.18 (1.18.1-1ubuntu1~18.04.2) bionic; urgency=medium
* d/rules: stop using debhelper 12/13 execute_{after,before}_ overrides.
golang-1.18 (1.18.1-1ubuntu1~18.04.1) bionic; urgency=medium
* Backport to Bionic (LP: #1977860).
- Downgrade debhelper compat level to 11.
-- Lucas Kanashiro <email address hidden> Tue, 06 Dec 2022 09:21:07 -0300
-
golang-1.18 (1.18.1-1ubuntu1~18.04.1) bionic; urgency=medium
* Backport to Bionic (LP: #1977860).
- Downgrade debhelper compat level to 11.
-- Lucas Kanashiro <email address hidden> Tue, 22 Nov 2022 17:03:06 -0300