-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 21 Jan 2022 19:44:56 +0100
Source: golang-1.8
Binary: golang-1.8-go golang-1.8-src golang-1.8-doc golang-1.8
Architecture: source
Version: 1.8.1-1+deb9u4
Distribution: stretch-security
Urgency: high
Maintainer: Go Compiler Team <pkg-golang-devel@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 golang-1.8 - Go programming language compiler - metapackage
 golang-1.8-doc - Go programming language - documentation
 golang-1.8-go - Go programming language compiler, linker, compiled stdlib
 golang-1.8-src - Go programming language - source files
Closes: 989492 991961
Changes:
 golang-1.8 (1.8.1-1+deb9u4) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2021-36221: Go has a race condition that can lead to a
     net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
     (Closes: #991961)
   * CVE-2021-33196: in archive/zip, a crafted file count (in an
     archive's header) can cause a NewReader or OpenReader panic.
     (Closes: #989492)
   * CVE-2021-39293: follow-up fix to CVE-2021-33196
   * CVE-2021-41771: ImportedSymbols in debug/macho (for Open or OpenFat)
     accesses a Memory Location After the End of a Buffer, aka an
     out-of-bounds slice situation.
   * CVE-2021-44716: net/http allows uncontrolled memory consumption in
     the header canonicalization cache via HTTP/2 requests.
   * CVE-2021-44717: Go on UNIX allows write operations to an unintended
     file or unintended network connection as a consequence of erroneous
     closing of file descriptor 0 after file-descriptor exhaustion.