-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 04 Jun 2022 01:35:32 -0600 Source: golang-1.17 Architecture: source Version: 1.17.11-1 Distribution: unstable Urgency: medium Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org> Changed-By: Anthony Fok <foka@debian.org> Changes: golang-1.17 (1.17.11-1) unstable; urgency=medium . * New upstream version 1.17.11 + CVE-2022-30634: crypto/rand: rand.Read hangs with extremely large buffers (Go issue https://go.dev/issue/52561) + CVE-2022-30629: crypto/tls: session tickets lack random ticket_age_add (Go issue https://go.dev/issue/52814) + CVE-2022-30580: os/exec: empty Cmd.Path can result in running unintended binary on Windows (Go issue https://go.dev/issue/52574) + CVE-2022-29804: path/filepath: Clean(`.\c:`) returns `c:` on Windows (Go issue https://go.dev/issue/52476) Checksums-Sha1: cc31fc11fbf58d94ca839830fc28a6078522c173 2871 golang-1.17_1.17.11-1.dsc f3d876d6ce469eea152d2076aec6a455f530b08e 22197784 golang-1.17_1.17.11.orig.tar.gz 0a2cdd29c6d5adc2f0e465ade2a2dbd9158a8a8b 819 golang-1.17_1.17.11.orig.tar.gz.asc 56ce8d56c25ddf0735d9d634cca81a53f4d6f695 39544 golang-1.17_1.17.11-1.debian.tar.xz 1de992b15cc4ef90eb3eaea13644f9a1aef265a1 6937 golang-1.17_1.17.11-1_amd64.buildinfo Checksums-Sha256: 2ad5550dc14e4026c0effe4d172522bdb2d50e5881bd458de79ebf729050df55 2871 golang-1.17_1.17.11-1.dsc ac2649a65944c6a5abe55054000eee3d77196880da36a3555f62e06540e8eb54 22197784 golang-1.17_1.17.11.orig.tar.gz aad323c5ea9eb5ad6a074d79f74a0d7cec0eb9aff9c9433f74d18b431cb5ec2e 819 golang-1.17_1.17.11.orig.tar.gz.asc 79a0b7a3c0c14bbe1352bb995d9fd51965d0836bae7e146f7f32eb8c083ae400 39544 golang-1.17_1.17.11-1.debian.tar.xz 6b93ee493ca6ca56a699029b8dfd9bf348ded242cbbbe52d8e2b14477edac10f 6937 golang-1.17_1.17.11-1_amd64.buildinfo Files: 1d68cf3147184ff63073e8af4f654fff 2871 golang optional golang-1.17_1.17.11-1.dsc 5c598ba324b96c25683e17a67041301b 22197784 golang optional golang-1.17_1.17.11.orig.tar.gz 027be285bacba61d0eb80b5d69bfc166 819 golang optional golang-1.17_1.17.11.orig.tar.gz.asc cbf34265fe7b33b356cf970ca5a3051a 39544 golang optional golang-1.17_1.17.11-1.debian.tar.xz 2fba8bb98ba20761f27ab65a5bdd03b3 6937 golang optional golang-1.17_1.17.11-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEEFCQhsZrUqVmW+VBy6iUAtBLFms8FAmKbMAgQHGZva2FAZGVi aWFuLm9yZwAKCRDqJQC0EsWaz5JCEACUONq7o5IpQ8r5EzbZ4Cgl9ihf3KmCuTgU JK0kit0itNR/hIq7iz+s9aICHubzqYc91Ty08PlfoMSomtqx67Vv/qRm1kimCz8k QrxZ/cOK28GXhjdDWtXqoJOF+O+DrcQaa4RO/gV64AsrJRMWGMI5uplcbKXA7Gbh guxPWEyUodJKDPROjWUIyr/GLm1DY7ov8e/uNK39pwHGS1vMoyU+XBimNXp9mrFL sCSVImSPGgxxnN/5oOaSx4vTrWa5HSzQFo1MpKY7mwGcuSAV2+YNxpug/vkdEEQn DfTX06+sjm/AHkSBRwZ5VWHeUXuHuAsNlfVb3pX9yIoRH43HPnTL4Gzhwpj6D8ri Q3kwlX3OCvcmEVossDcvNMbtYVoqctmHTBeSiOdYD1xhWz1YMmb+5RFzc/IEysqc mT6zjXzVUQGmguIp9kQiViXUlk9W74eOIcpuylQ2mDov2J9HEeDL1VnZOIw2ETU5 HzJt57d3DlCKk3DGmiNTbutYEk57V4RUeG6Ikxq0NFJHD8/4kHCeeQ0eJRpPHrMv r9QVNG8o92iNqH2AOTj6OOzPYv4PvDrfAEkceP5whj2W204ACOcnz1+6RndRRFsm kSb61N0rcfvcL19UxuyhW6/LwBzKVCj+3QqqUlM2sN9ZvbLikAKN7ohxZ63k3JXL XypMu/ji6w== =Efa5 -----END PGP SIGNATURE-----