Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-backports-changes@lists.debian.org>
Subject: Accepted golang-1.16 1.16.8-1~bpo11+1 (source) into bullseye-backports
Date: Sat, 11 Sep 2021 04:35:06 +0000
Signed by: Anthony Fok <foka@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 10 Sep 2021 18:45:15 -0600
Source: golang-1.16
Architecture: source
Version: 1.16.8-1~bpo11+1
Distribution: bullseye-backports
Urgency: high
Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org>
Changed-By: Anthony Fok <foka@debian.org>
Changes:
 golang-1.16 (1.16.8-1~bpo11+1) bullseye-backports; urgency=high
 .
   * Rebuild for bullseye-backports.
   * New upstream version 1.16.8
     + CVE-2021-39293: security fix to the archive/zip package
 .
 golang-1.16 (1.16.8-1) unstable; urgency=high
 .
   * New upstream version 1.16.8
     + CVE-2021-39293: security fix to the archive/zip package
       The fix for CVE-2021-33196 can be bypassed by crafted inputs.
       As a result, the NewReader and OpenReader functions in archive/zip
       can still cause a panic or an unrecoverable fatal error when reading
       an archive that claims to contain a large number of files,
       regardless of its actual size.
       Thanks to the OSS-Fuzz project for discovering this issue
       and to Emmanuel Odeke for reporting it.
     + bug fixes to the archive/zip, go/internal/gccgoimporter,
       html/template, net/http, and runtime/pprof packages
   * Fix Lintian warning: tab-in-license-text in debian/copyright
   * Sync recent d/control changes back to d/control.in
   * Rename Maintainer from "Go Compiler Team" to "Debian Go Compiler Team"
   * Bump Standards-Version to 4.6.0 (no change)
Checksums-Sha1:
 5d4b1dd4edc19b6ed3f186a8491ebe2783ba8942 2896 golang-1.16_1.16.8-1~bpo11+1.dsc
 4a8a9841ba28f9cba2174bf2af5e44c4cce59ad0 40304 golang-1.16_1.16.8-1~bpo11+1.debian.tar.xz
 185de96f39e54b3981bb43d78e91fc32181181c5 6846 golang-1.16_1.16.8-1~bpo11+1_amd64.buildinfo
Checksums-Sha256:
 d13bd4d83a390f827dd18ca374bbd52675086794c4b877138c60858f7f7a4bc2 2896 golang-1.16_1.16.8-1~bpo11+1.dsc
 f5df0e2c7270993c7a2a253cf9815ce39c2ba77212986456ca07891054d13d28 40304 golang-1.16_1.16.8-1~bpo11+1.debian.tar.xz
 65e30975aee936ad12815f2b44b88e2102a9fad5d9b9646f6b13ba3dddff0fcd 6846 golang-1.16_1.16.8-1~bpo11+1_amd64.buildinfo
Files:
 a13c6c503b2faa24b8735a36f88a76c1 2896 golang optional golang-1.16_1.16.8-1~bpo11+1.dsc
 d14bcec1c8c342f18efae75ca42490fb 40304 golang optional golang-1.16_1.16.8-1~bpo11+1.debian.tar.xz
 b60c2a08ec3a2fc77bbe148e608cc381 6846 golang optional golang-1.16_1.16.8-1~bpo11+1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEEFCQhsZrUqVmW+VBy6iUAtBLFms8FAmE8LAUQHGZva2FAZGVi
aWFuLm9yZwAKCRDqJQC0EsWazz/0D/4lZgi4MPv+PuOqIfijy2jnLg0eoR5Dgi4z
codmIJ63icikFuIOY7XFweWnubzSVMD4qKH2tX5o/82OtzItHPE7u2ZEr1DubEc4
A9ilG8oiaqWtBBDvgF4aTVz7Q8cEfleOA7vxTfIPwiD1Xk6CXekEILIY0cGUsRcm
HzccLwJZW4vTijSx4JUTxl+DorRHIx2AZWnPUqMIJkgKaxLMb5SOz26EUIXIbc6c
T3otrIsL7BQIiE5B0mPjOex19sDaKUvvCRbMI1nTlHx1ZBKyxs4wVgSmwj+t7Tmx
aiXO4aOvIQuGm9+84j0U84FFS7QRxPQDuoC/R5R26eqOQ4/Hax4CtkAFR/CD7uuU
JjTisUz6bSyVe1a7cAc5bGGWeTLzl+813PPV1038EihaJpwvZVv+ywAyOc37rw2a
7oZkC3m73nFk88uaXe3v7lhOZyX6h9g3D337RxMnw4bK8KtNHjeIJECI/mtmAqHM
N0K/tAzk7WvOXBiu1zAIY9yeV7UDoJiUVaAUDuV34DmV2/6WbS7CAlD3OInVIbTn
wGkoHVMJE1v4Ev2Uy8LPDgrd5laXsYD4OWGYkdsJ1b85VUquIvBlwrQ1ntzmqR9j
xmiiiMIExHtN6PccZ2yDxQNGDnSHf9rROcKgKyfSSr6UYoFN2qgx4rstUoC+Ov5g
WXDD8/4uYg==
=t3Rz
-----END PGP SIGNATURE-----
News for package golang-1.16
