-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 11 Feb 2022 23:45:44 +0800 Source: golang-1.15 Architecture: source Version: 1.15.15-1~deb11u3 Distribution: bullseye Urgency: medium Maintainer: Go Compiler Team <team+go-compiler@tracker.debian.org> Changed-By: Shengjing Zhu <zhsj@debian.org> Changes: golang-1.15 (1.15.15-1~deb11u3) bullseye; urgency=medium . * Backport patches for CVE-2022-23806 CVE-2022-23772 CVE-2022-23773 + CVE-2022-23806: crypto/elliptic: fix IsOnCurve for big.Int values that are not valid coordinates + CVE-2022-23772: math/big: prevent large memory consumption in Rat.SetString + CVE-2022-23773: cmd/go: prevent branches from materializing into versions Checksums-Sha1: 740153a259bbaf2e5fb2e7c185f22f8c9e369932 2336 golang-1.15_1.15.15-1~deb11u3.dsc 451c0cd50caecfc103b9a58d3eff1059d8550857 50968 golang-1.15_1.15.15-1~deb11u3.debian.tar.xz 1641e7a1beac03701dac9aba4cbbd1dce551ac71 6404 golang-1.15_1.15.15-1~deb11u3_amd64.buildinfo Checksums-Sha256: 4c1593100ea3a9dc45718c700c3202c3897ac81767a7a5fd092d213dedcf296c 2336 golang-1.15_1.15.15-1~deb11u3.dsc 9dffa0a1904f30e7d7929569943bc116081f4b86bc476133bc9f2830fc2f1b69 50968 golang-1.15_1.15.15-1~deb11u3.debian.tar.xz 76c37084385c0d853de1d740d1e7ab9f5641eb5e176fcefe6ab1b3bc2c7cfa72 6404 golang-1.15_1.15.15-1~deb11u3_amd64.buildinfo Files: 5a926ae4f867ed879b42f22853b81ece 2336 golang optional golang-1.15_1.15.15-1~deb11u3.dsc 0361b1a475ccfe6b4821986e43e9c6d5 50968 golang optional golang-1.15_1.15.15-1~deb11u3.debian.tar.xz 079cf87845ae9a7aac599e94389b5eb3 6404 golang optional golang-1.15_1.15.15-1~deb11u3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iIYEARYIAC4WIQSRhdT1d2eu7mxV1B5/RPol6lUUywUCYhEtMRAcemhzakBkZWJp YW4ub3JnAAoJEH9E+iXqVRTLj/UA/iFnO3NmmAA2nwbqxlAjXoNr+xCeZLOOiSzw bRGj8cWXAQDcGZm9GrzOXShAjY/uiukomRz6dA9jctpYR5cdEXmrCA== =z6iH -----END PGP SIGNATURE-----