Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted golang-1.13 1.13.7-1 (source) into unstable
Date: Fri, 31 Jan 2020 21:20:07 +0000
Signed by: Dr. Tobias Quathamer <toddy@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 31 Jan 2020 21:47:40 +0100
Source: golang-1.13
Architecture: source
Version: 1.13.7-1
Distribution: unstable
Urgency: medium
Maintainer: Go Compiler Team <team+go-compiler@tracker.debian.org>
Changed-By: Dr. Tobias Quathamer <toddy@debian.org>
Changes:
 golang-1.13 (1.13.7-1) unstable; urgency=medium
 .
   * New upstream version 1.13.7
     - cryptobyte: fix panic due to malformed ASN.1 inputs on 32-bit archs.
       When int is 32 bits wide (on 32-bit architectures like 386 and arm),
       an overflow could occur, causing a panic, due to malformed ASN.1
       being passed to any of the ASN1 methods of String.
       This fixes CVE-2020-7919 and was found thanks to the
       Project Wycheproof test vectors.
   * Update upstream's signing key
Checksums-Sha1:
 35b545fb715e5f4f9b4d0e00dc8e4bf0d0f4894b 2589 golang-1.13_1.13.7-1.dsc
 5656ed6a77e67f30628cd78af8170d85f2fc6fcd 21563722 golang-1.13_1.13.7.orig.tar.gz
 7dafba44419979cc8c6a2d56c00a8ce3326aacc6 36152 golang-1.13_1.13.7-1.debian.tar.xz
 d2be6ed9fa78db691fe74f15bc108976bd868978 6700 golang-1.13_1.13.7-1_amd64.buildinfo
Checksums-Sha256:
 88202064ffcb9ea605f748f2c741e82d4bde0291e1319de2788c3fdb5606dc54 2589 golang-1.13_1.13.7-1.dsc
 ad6d394ebb42b45e8998aca96bd06ebc51fd50ea53954dc2a48ee8c1ac67fd8b 21563722 golang-1.13_1.13.7.orig.tar.gz
 8153fe3a876ef3f032043948771d708214e239e2679e0c6d9da1ec6d83979e5d 36152 golang-1.13_1.13.7-1.debian.tar.xz
 7fd84fede8accdce10940353de91c75d961ce2e20eb1e04bfefa964ba9743def 6700 golang-1.13_1.13.7-1_amd64.buildinfo
Files:
 e7d2f432a12c780d59bcbc0ea4eae038 2589 devel optional golang-1.13_1.13.7-1.dsc
 936cf6ad31c60ad4129d2e468178e6d7 21563722 devel optional golang-1.13_1.13.7.orig.tar.gz
 8e8f2153bd7beb92d9f15230169e6e92 36152 devel optional golang-1.13_1.13.7-1.debian.tar.xz
 0bcc90bd216f48c58b060f721a6c19d8 6700 devel optional golang-1.13_1.13.7-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE0cuPObxd7STF0seMEwLx8Dbr6xkFAl40lZ0ACgkQEwLx8Dbr
6xmypQ/9F276hUkvfT6lG3xYlzpCqKKN0BKZKomKX+zCv+axMkDyb9o8G2Hw10ga
tn9j6uk1dI/M8HASCjvjh9Wyo/yLDqkkqjwj0XBqohskD3KBlaIf6lYc0SbQ85wt
byKdg/R4SyRv1NMu+s7XBRqV7lgvjsdSnLOUHXyRzTj4Z0yPKhakftd6zEGRPb3x
KVeqY4/wVM/aiWQYtKdhRyhnWXp04GjkJtjJP1xNFG77wf3pzECr9EHm3MpRhbDR
sz7phK6JnuBhH8ba6l8W5+kYYs4HL5u7GHkM5tnAGWoq35f9rVTF9UgooZ/Bjk+L
wuLNYzHyoNt0bjH6eMPSx1IWna/zq1g+40DZl2H3alKdCUMFIlhGAXc1a6yrzmGo
2zsswQibg5AXaMQL0U4b9AoIiczKuFIbVqx76zxklIDifg95Gl+9m+n+ws0pq4AO
VxtqvuS38dAYB8kACz2r/sjrATKdnuTA0IxkRqzyOHBY6t4aj2dToaV5VzDUVB0C
5BRWWNT2YtLnZaDkg0sYnUMNQKGYYowZybe9xgynJyyzhbWjO2aZcKXb30tE2LPd
fw2TvBhq/0eiTvQpEEV0tXSAheOFLkM8vwBDHzeL7sx1VDpxjcI6hImBIw7v1yBG
XJNqw4UaxojfEg/k7SlTjT0jOqnL0GbXViU3EfEdiPuv8Oqa3bs=
=2xr7
-----END PGP SIGNATURE-----

News for package golang-1.13