Change logs for golang-1.20 source package in Focal

golang-1.20 (1.20.3-1ubuntu0.1~20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: XSS issue
    - debian/patches/CVE-2023-39318.patch: support HTML-like comments in
      script contexts
    - debian/patches/CVE-2023-39319.patch: roperly handle special tags
      within the script context
    - CVE-2023-39318
    - CVE-2023-39319
  * SECURITY UPDATE: bypass directives restrictions
    - debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute file
      name in isCgo check
    - CVE-2023-39323
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2023-39325_44487.patch: http2: limit maximum
      handler goroutines to MaxConcurrentStreams
    - CVE-2023-39325
    - CVE-2023-44487
  * SECURITY UPDATE: out-of-bound read
    - debian/patches/CVE-2023-39326.patch: net/http: limit chunked data
      overhead
    - CVE-2023-39326
  * SECURITY UPDATE: bypass secure protocol
    - debian/patches/CVE-2023-45285.patch: error out if the requested repo
      does not support a secure protocol
    - CVE-2023-45285

 -- Nishit Majithia <email address hidden>  Wed, 10 Jan 2024 11:28:05 +0530

golang-1.20 (1.20.3-1ubuntu0.1~20.04) focal; urgency=medium

  * Backport to Focal (LP: #2023694)
    - d/control{,.in}: downgrade debhelper compat level to 12
    - Build with Go 1.18
      + d/control{,.in}: use golang-1.18-go in Build-Depends
      + d/rules: use /usr/lib/go-1.18/bin/go to set GOROOT_BOOTSTRAP path

 -- Shengjing Zhu <email address hidden>  Tue, 04 Jul 2023 10:33:30 +0800