-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 14 Jul 2022 11:01:43 -0600 Source: golang-1.18 Architecture: source Version: 1.18.4-1~bpo11+1 Distribution: bullseye-backports Urgency: medium Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org> Changed-By: Anthony Fok <foka@debian.org> Changes: golang-1.18 (1.18.4-1~bpo11+1) bullseye-backports; urgency=medium . * Rebuild for bullseye-backports. . golang-1.18 (1.18.4-1) unstable; urgency=medium . * New upstream version 1.18.4 + CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding header + CVE-2022-32148: When httputil.ReverseProxy.ServeHTTP was called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy would set the client IP as the value of the X-Forwarded-For header, contrary to its documentation. In the more usual case where a Director function set the X-Forwarded-For header value to nil, ReverseProxy would leave the header unmodified as expected. + CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read + CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal + CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip + CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode + CVE-2022-30632: path/filepath: stack exhaustion in Glob + CVE-2022-30630: io/fs: stack exhaustion in Glob + CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions Checksums-Sha1: af87d9b9995f35beb39bc99e25c711153f3f3d68 2893 golang-1.18_1.18.4-1~bpo11+1.dsc 56edf5faab26da1e153c6ee4dce6b4dde98dd73c 41484 golang-1.18_1.18.4-1~bpo11+1.debian.tar.xz c5d25fe6300e21757bdefb13b16cd5b068a874d1 7141 golang-1.18_1.18.4-1~bpo11+1_amd64.buildinfo Checksums-Sha256: a2304e69e8874f9b9fc14c7d2d8081d6a835524342155fd73184d36edd4a75ed 2893 golang-1.18_1.18.4-1~bpo11+1.dsc d42bda2c1418fe7e9bd78798ed11c8b75da54f5c6c0dbcd809c3a51c0b4081f1 41484 golang-1.18_1.18.4-1~bpo11+1.debian.tar.xz bb8bb56e59cbed0dc11b20ea5c90ce4fe26f651d28e6742f7443d127adbb4319 7141 golang-1.18_1.18.4-1~bpo11+1_amd64.buildinfo Files: 0d3ad87a34111be0aa5a3c7ba05aa3df 2893 golang optional golang-1.18_1.18.4-1~bpo11+1.dsc 0436c9c2482683cf0f4c324e1c1bd695 41484 golang optional golang-1.18_1.18.4-1~bpo11+1.debian.tar.xz 19ee0ec30f3c9ebc22c487838316c8d2 7141 golang optional golang-1.18_1.18.4-1~bpo11+1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEEFCQhsZrUqVmW+VBy6iUAtBLFms8FAmLQVp4QHGZva2FAZGVi aWFuLm9yZwAKCRDqJQC0EsWaz9bjD/9pzo01sK4szMsOCqTdZ0Wl/mLHtqVuD5t/ m+XkhwhRhRQWuLuKZSueuBHo+gU8NvWrlNFYDubX/sn6h4Vpp0kvPB8acLRgARlI ymJxX7CHXHTn7gX+2yC+NtuRb4fxW1LxjFubAqPyNyEfqNRZGAvjeu+M0UiBQXl0 r3ZHuG4xYKTakkm0nqvl3PRci6klug+NyFMFpnmLwAnf/ikwZcenCr0x1e19PjUl RU6v3KoBm/Axttd7JKUZwhXzEirSe1/pJnR+Nl7Xywo/1EZG6Quuk7mcPTbHTb6y wjHk80P7L9A3stDQKfhWDx2omUuhS/q8Lkbb14Z4pT0/DTLHT0heYRgR1DOm1dWf umT8V1dqTlK0tuB2rUL+om8PloA0pQShEOc1WZfK6NMlNKuqEkBH10MhWmESeA25 kK5yqjJwaWc+zYM4lX8l812TNlhhNten6Phk/MxuGk3LnO8UXdaQuharRmKJ4Z94 saqo1mKi5lR5rRDEKy2455Q+tN9jzSwmVVyN2b+zL6cwRmRqBpZgIbBDSH2IvJDU yTxvwYj6HRfz+DFWef3zmyZk1Yi5XncwXOCh8jmtDQ502185ZhXiko4shr/4B3po ycd6mUV17qH1k7BZ0Vdgo9Eqy0sPZSjPbDF2OAoUSNg3cCU5lOiYL9lX0/9EYjcg 8Oxg/ZoCLQ== =2TEU -----END PGP SIGNATURE-----