-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 17 Jun 2021 02:13:12 +0900 Source: golang-1.15 Architecture: source Version: 1.15.9-5~bpo10+1 Distribution: buster-backports Urgency: medium Maintainer: Go Compiler Team <team+go-compiler@tracker.debian.org> Changed-By: Roger Shimizu <rosh@debian.org> Changes: golang-1.15 (1.15.9-5~bpo10+1) buster-backports; urgency=medium . * Team upload. * Rebuild for buster-backports. . golang-1.15 (1.15.9-5) unstable; urgency=medium . * Team upload. * Backport patches for CVE-2021-33195 CVE-2021-33197 CVE-2021-33198 + CVE-2021-33195: net: Lookup functions may return invalid host names + CVE-2021-33197: net/http/httputil: ReverseProxy forwards Connection headers if first one is empty + CVE-2021-33198: math/big: (*Rat).SetString with "1.770p02041010010011001001" crashes with "makeslice: len out of range" . golang-1.15 (1.15.9-4) unstable; urgency=medium . * Team upload. * Backport patch for CVE-2021-33196 archive/zip: malformed archive may cause panic or memory exhaustion https://github.com/golang/go/issues/46396 Checksums-Sha1: ac6fbe98cc88622f0e548ff6446b0cb3d4a21ec5 2670 golang-1.15_1.15.9-5~bpo10+1.dsc fba87f2fea90e85312070f10b9bd87328674a9cf 49324 golang-1.15_1.15.9-5~bpo10+1.debian.tar.xz 51a86f50d00ea076aee5622955f7338d8829df08 5982 golang-1.15_1.15.9-5~bpo10+1_source.buildinfo Checksums-Sha256: a8333c1541b8545fc05c037c96716c11893289a6c52f745d0029721eb3d1cc62 2670 golang-1.15_1.15.9-5~bpo10+1.dsc eb57d47b38b10e0938542066232dcfd4a5d667b06ffca06c43fa43143a7a8aae 49324 golang-1.15_1.15.9-5~bpo10+1.debian.tar.xz ed3409cf91b728ae4b0f9f66cc1056e45efe9d5255a97b63c15b347f1ff43f02 5982 golang-1.15_1.15.9-5~bpo10+1_source.buildinfo Files: 6d7cceb6c2f2e3e06e44befda078a669 2670 devel optional golang-1.15_1.15.9-5~bpo10+1.dsc 773c638fb20fc701b605a1e2993bd63c 49324 devel optional golang-1.15_1.15.9-5~bpo10+1.debian.tar.xz 561e6fe88595fc611b4b392bed9d97a7 5982 devel optional golang-1.15_1.15.9-5~bpo10+1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCgAuFiEECjKtvoA5m+cWOFnspHhrDacDNKgFAmDKNtQQHHJvc2hAZGVi aWFuLm9yZwAKCRCkeGsNpwM0qPqgD/wL5W+3x2iJJqXc9rHmID532GfirH7rjLjy ZOITf8R2EbSF/8qoDtPsSik1ZHlC/v4FP0v2jEmKtcDSaWHt0/BumwNuafEY3TQc xdFvIhvUK14vGipZa24ZXLHHzBoIbB3ClnVbaDR73D0Sb1rS6iK+ZWjjtD5ZCnqJ ZyCOtX0sMt1TMSwNdK7Q3YWcWEXq9bhoqeP/Qr3lZRfTzHgRst+b7baWtBYlPmPl DvYUB2xQL86V9bwtr4ZRI5oYXs5fXiNWoi77MgHUCdk5xZE1CGtxbC37Ia+5i7fJ N9LjhGlzuNCGVZZHO/y7NoO94edaTihF3FiVwniX7UPPmAa87yhn4n/m9d25FYr/ FBVmPQuAOgUOSdMTaVQZURW0ys4+hi06PxHOKLkj7JRwuQjolafcFGXUIsuVFH2B c9ad0ZdHpeyPK5Bs6OOKeIsVjtD7IKjosXWO5auSNDQLzy6jynlbpJhVZJFhzWEc RqbfU9ODnk2aobriKuFq2iPOAWekCFEvSIpOUHjuh3fz/8hWPAHoii864BUPDubn 81cqMnpofPrqV0Cm9E4TkUrZP93zHGkdyiRiU8NuBEsrTbGX9w2Vp7PAyMI+jXv6 maYFOfBE+Q2ytcva1wUabM8eRNwlbboU2Z9IHTltB//TXWPMyfL4LHKthx8+adEL Zmb6tnX2UA== =29bQ -----END PGP SIGNATURE-----