-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 21 Nov 2020 15:03:02 +0100 Source: golang-1.8 Binary: golang-1.8-go golang-1.8-src golang-1.8-doc golang-1.8 Architecture: source all amd64 Version: 1.8.1-1+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Go Compiler Team <pkg-golang-devel@lists.alioth.debian.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: golang-1.8 - Go programming language compiler - metapackage golang-1.8-doc - Go programming language - documentation golang-1.8-go - Go programming language compiler, linker, compiled stdlib golang-1.8-src - Go programming language - source files Changes: golang-1.8 (1.8.1-1+deb9u2) stretch-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2020-28367 When using cgo, arbitrary code might be executed at build time. * CVE-2020-15586 Using the 100-continue in HTTP headers received by a net/http/Server can lead to a data race involving the connection's buffered writer. * CVE-2020-16845 Certain invalid inputs to ReadUvarint or ReadVarint could cause those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. Checksums-Sha1: 11a82cc990961189317eeb8ef998c2b9d4ebcd1c 2646 golang-1.8_1.8.1-1+deb9u2.dsc 0c4b7116bd6b7cdc19bdcf8336c75eae4620907b 15331455 golang-1.8_1.8.1.orig.tar.gz 8eb93923020db6a09a9ae4945dbd991cd7ab3f37 41304 golang-1.8_1.8.1-1+deb9u2.debian.tar.xz e30b32a3f7232d95e5bc4509b41937a719008577 2405828 golang-1.8-doc_1.8.1-1+deb9u2_all.deb 129ab78bc476db3f453d9cc12141f8ad01e9a8dc 22298608 golang-1.8-go_1.8.1-1+deb9u2_amd64.deb bbf073db453c9599e7d0e0db2976dcc6be00351d 8477886 golang-1.8-src_1.8.1-1+deb9u2_amd64.deb 46a1a17b9c0787a749370ec3064fa788343ee830 27372 golang-1.8_1.8.1-1+deb9u2_all.deb 968df428865282d82c63004829af5521b99cdf9e 7072 golang-1.8_1.8.1-1+deb9u2_amd64.buildinfo Checksums-Sha256: 7eb02e53db6a6efbf4e90fef646365bdc716deb8eb19a8ccdd2d642df7427ff6 2646 golang-1.8_1.8.1-1+deb9u2.dsc 33daf4c03f86120fdfdc66bddf6bfff4661c7ca11c5da473e537f4d69b470e57 15331455 golang-1.8_1.8.1.orig.tar.gz 9b0ec9385a80efa1fc01fb6853f41928df04e27a7dad1633cc7191de6f111ac3 41304 golang-1.8_1.8.1-1+deb9u2.debian.tar.xz e88fa2403ba31f0aa0d2beeba1a9601c0471b8015dd401656b21c16186738dcd 2405828 golang-1.8-doc_1.8.1-1+deb9u2_all.deb 46d561974aa81491d92edaf9b3d3855e1cb047d2c1043c33971da0ab1bf266b9 22298608 golang-1.8-go_1.8.1-1+deb9u2_amd64.deb 648eb622a98f7e6cb9db41817280c96f12665c0b87ca0c06a9cabcb425a04766 8477886 golang-1.8-src_1.8.1-1+deb9u2_amd64.deb 1c444ee66aac3bc10f6512578e4db66b2b5d4e17cf5351a2678c88c7c4decd2a 27372 golang-1.8_1.8.1-1+deb9u2_all.deb aa3c4b01f3fc23e72f68bc03080c8fa26c6638505feaf0974785ca9a86cab9ba 7072 golang-1.8_1.8.1-1+deb9u2_amd64.buildinfo Files: 12a6aaa42df192cff370cb078eddd3cb 2646 devel optional golang-1.8_1.8.1-1+deb9u2.dsc 409dd21e7347dd1ea9efe64a700073cc 15331455 devel optional golang-1.8_1.8.1.orig.tar.gz d676712786eb35cbd2401804f7cd8551 41304 devel optional golang-1.8_1.8.1-1+deb9u2.debian.tar.xz 79b40d59d27d487d0b221139d84f8379 2405828 doc optional golang-1.8-doc_1.8.1-1+deb9u2_all.deb 96fe3de54c320458bc418d4e6749cc8c 22298608 devel optional golang-1.8-go_1.8.1-1+deb9u2_amd64.deb b010c9f271819b318fef729d02d923ab 8477886 devel optional golang-1.8-src_1.8.1-1+deb9u2_amd64.deb 33e08dda6a7e1590a3b55eeed6167e51 27372 devel optional golang-1.8_1.8.1-1+deb9u2_all.deb d5a80ddf1aaaeb626a66f36a521e16e0 7072 devel optional golang-1.8_1.8.1-1+deb9u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl+5O8RfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR9S6EACMph8gbJXlbLbdph9P5WNPwKHLW1Gj tMqkO8JgyhCW6Fk04xrp2FBM9TJRv/OcPMIiXtP/59iPaswvxTNzJkXT2K0WEMOU tO+CQI6wo8SB1XV3reQ3kr5qXM3/J8TThNwcsXjGx5VWLjKXp/1mOT98Vwl7cFue fo8oWmpuFKOqE1ZMOufkQKoa1ntJ4MQOETYVwCTceFoaoBZ46SuKkS0x2PZWcog8 CLAiIn1UNAQLJzzgBPo6ddbxR3QGd8fO3dcvQuRGv4Y+orAniTL0yBQTymRNFZS0 0DNXbjaKFFR0f+Lpt/ItEqyI1U8ncQzSAKQV08nkXSFt1nIfcQb52aQ5Gv0NCBV4 EyDXYabKREqYT4EToS/nfeh+r6AqNMVhbFgmEEXpK/YMT+ti0sFh9Mpztmf6S63b OeWBorilbmdbGJwW67mM1u+89qVtDdjkXYXIk1Ix9oXzXzszI5vXnpeIjlRCl3hX YinTq5/IeV+eT9NCvkFWL+CX+Q//1E20Z+kY8bWS4ULRL64VIUCAnm9lywXJCnoB KSztjGngojPSdcp6HWtVYtZcb4Baj3CN7BL85x9GIe1d0ZwbMzo4wwRM9ETBzYI+ XXIhDRQZMBoA3G69IxRGFcJLVPqNbQoIU5XmIXdl36OOEH6I9q3YIMhmzkp7nCi/ a2KscfBe9A14Xg== =UPCK -----END PGP SIGNATURE-----