-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 20 Nov 2020 17:03:02 +0100 Source: golang-1.7 Binary: golang-1.7-go golang-1.7-src golang-1.7-doc golang-1.7 Architecture: source all amd64 Version: 1.7.4-2+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Go Compiler Team <pkg-golang-devel@lists.alioth.debian.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: golang-1.7 - Go programming language compiler - metapackage golang-1.7-doc - Go programming language - documentation golang-1.7-go - Go programming language compiler, linker, compiled stdlib golang-1.7-src - Go programming language - source files Changes: golang-1.7 (1.7.4-2+deb9u2) stretch-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2020-15586 Using the 100-continue in HTTP headers received by a net/http/Server can lead to a data race involving the connection's buffered writer. * CVE-2020-16845 Certain invalid inputs to ReadUvarint or ReadVarint could cause those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. Checksums-Sha1: 9a54cf5881ae24dff9c56b18d1580a732e6b1bd5 2646 golang-1.7_1.7.4-2+deb9u2.dsc 0fb305c827c8794cfda7e437befa6101a2d06b2e 14198817 golang-1.7_1.7.4.orig.tar.gz 79360fa87bd1e0a21cefab4dc261014991648e17 33720 golang-1.7_1.7.4-2+deb9u2.debian.tar.xz 3b0bb8ef31034dd97010e9e175ff2270bfc73a6b 2391358 golang-1.7-doc_1.7.4-2+deb9u2_all.deb d091e87b2ee2a6d4629aaa143aed9ff920b53f96 19349464 golang-1.7-go_1.7.4-2+deb9u2_amd64.deb f81d86f63c09bcc1138f3db61c6198a47e0f95d8 7678650 golang-1.7-src_1.7.4-2+deb9u2_amd64.deb 2ca03ddddfd83b0beb875f14a8ad344b4e6273de 27190 golang-1.7_1.7.4-2+deb9u2_all.deb efa74d2b10a408097983f043ce1b221a93f5bdd5 7072 golang-1.7_1.7.4-2+deb9u2_amd64.buildinfo Checksums-Sha256: 7bb5cb5d167a4cf6eb27c3f3a2beea2ffbe4375f75201cc7c70e7c26b2fb281b 2646 golang-1.7_1.7.4-2+deb9u2.dsc 4c189111e9ba651a2bb3ee868aa881fab36b2f2da3409e80885ca758a6b614cc 14198817 golang-1.7_1.7.4.orig.tar.gz 5debecaf1161290bf939172f06afb717c1c26cd4f57d2caf2dad64a3a09adf47 33720 golang-1.7_1.7.4-2+deb9u2.debian.tar.xz 2b5cf2cc8a9eeed0a5c75a7ecbfa89b2082a61b6f2fb7305ee15c0613b6ba672 2391358 golang-1.7-doc_1.7.4-2+deb9u2_all.deb fdaa7668d1ef6efd14ee8b0a2fea95d3494a8b05e326bddd0e73b2c5410a31ef 19349464 golang-1.7-go_1.7.4-2+deb9u2_amd64.deb c3c342015dfaa9651d0b23ce4afff8c91990be3ce9b6a3b2fe734910aeff3b41 7678650 golang-1.7-src_1.7.4-2+deb9u2_amd64.deb 584b65a8d6345bcaa7092e7a55fad224959bc3fc8debfec716d1239f1d85067a 27190 golang-1.7_1.7.4-2+deb9u2_all.deb d5964d70fdf280cf4220ba004c1d27620ac6bf1191a25e6d045611e76a8f7b73 7072 golang-1.7_1.7.4-2+deb9u2_amd64.buildinfo Files: 633320d18953d1fc45435bc4e2eb7c70 2646 devel optional golang-1.7_1.7.4-2+deb9u2.dsc 49c1076428a5d3b5ad7ac65233fcca2f 14198817 devel optional golang-1.7_1.7.4.orig.tar.gz 380154ccc57b7aebf38ec4402f89337d 33720 devel optional golang-1.7_1.7.4-2+deb9u2.debian.tar.xz 914ab32b89dbf92521bab382950920c1 2391358 doc optional golang-1.7-doc_1.7.4-2+deb9u2_all.deb 80bba02129137f8bc1174c6948ac0635 19349464 devel optional golang-1.7-go_1.7.4-2+deb9u2_amd64.deb acba5db9d3a4176f75e397ba9fe30071 7678650 devel optional golang-1.7-src_1.7.4-2+deb9u2_amd64.deb 21f65104cbc7e0cbcb2a1d6cb014f40a 27190 devel optional golang-1.7_1.7.4-2+deb9u2_all.deb cfd14e78c2c12f304876758c816d53cb 7072 devel optional golang-1.7_1.7.4-2+deb9u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl+5JqVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR1MnD/99vqmXeQdgX6xXtyHM9lvv5jOoRzgz vvuGHvcC8BvqrW7FZ6D3ir3z/KOJOOyH53MvBBHX0oLwgeDaTx3UwKhbZmPJzcpi Df2CrKwAiG0FuvctfYnnLn5HvUgUJhKGN7BDNEjgqAL2gvgb5r+jJGgR1RQ1Uk+U dlAeFAxj2RCOf3T3jtn7t0gTQoeWrhEiqhNkKfkDxQdFoI2x5zrbHSRnHVa4DZjO KrarYYlKGssevADHaIoNpLuJPVpsvK/vYaaO1nOub5oY5RMmpS2Z0/y6SexZMm2u azmX/Om4JQUJEWGQqloqoH2tF62yJX/YzcKEQXkNc0QqAAah40g7eOB1/TcmQesa KlyKskBI4JmmkFLZPYUA8tGeYOaRJMzKRN7Prt8ZXq1Aa+n3+HmtISkTDHeoN2P6 NtzoeOs5G//YnmonPqPDTZqWvZ2T/qggOZ2jtBiFNZkGjgAyKZu79GbvXZtdkJaX kWQdz5ujcQIYreVdR+UmY1Re4vRNRYwDsta8WQrwpRnA2xvn4SqTytlOvhzEkrTz jpu72h6ef5H0DZayaxZayLYXxk7/oamlUMDpVYmnzKTdKWBbacNjhxAEQv93boJh bqSfPqju705NpRQac4hsDitU/l82hV4wnYLBdeFJL7GCgfXJcqcsoFMIOglNsDN1 eG4cTM23ORsy0A== =dkvq -----END PGP SIGNATURE-----