-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 10 Aug 2022 01:26:17 -0600 Source: golang-1.17 Architecture: source Version: 1.17.13-1 Distribution: unstable Urgency: medium Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org> Changed-By: Anthony Fok <foka@debian.org> Changes: golang-1.17 (1.17.13-1) unstable; urgency=medium . [ Shengjing Zhu ] * Update upstream signing key. Download from https://dl.google.com/dl/linux/linux_signing_key.pub . [ Anthony Fok ] * New upstream version 1.17.13 - Security vulnerabilities fixed in 1.17.12: + CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding header + CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions + CVE-2022-30630: io/fs: stack exhaustion in Glob + CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read + CVE-2022-30632: path/filepath: stack exhaustion in Glob + CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal + CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode + CVE-2022-32148: net/http: Improper exposure of client IP addresses - Security vulnerabilities fixed in 1.17.13: + CVE-2022-32189: math/big: index out of range in Float.GobDecode * Bump Standards-Version to 4.6.1 (no change) Checksums-Sha1: 55926a80f854120c9b5aa8dc7c9809d319fbedc3 2871 golang-1.17_1.17.13-1.dsc 88e2bd59e440816155b9355a74185269b220453a 22206518 golang-1.17_1.17.13.orig.tar.gz 025bfffcd518e5461ecd5a29e5b946549a31dffe 819 golang-1.17_1.17.13.orig.tar.gz.asc 6db4b7025b3dcdaeca0aa467f3a10561cb28894a 41424 golang-1.17_1.17.13-1.debian.tar.xz 48515f1e0a6c15356b384e15fec045213ef4c8e2 7085 golang-1.17_1.17.13-1_amd64.buildinfo Checksums-Sha256: f95f15a092f37137a57af698e2b4df648c100a3b9eee1dce3525d29f40199e34 2871 golang-1.17_1.17.13-1.dsc a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd 22206518 golang-1.17_1.17.13.orig.tar.gz bb64ccde19f26f76031d05ff52e813d75970220be12f1aca61eddfe9f3b009f0 819 golang-1.17_1.17.13.orig.tar.gz.asc e32def5044704dd189fa46f155b3cf779c0eebd567f1d6495001458ad8c938e4 41424 golang-1.17_1.17.13-1.debian.tar.xz 3e6445fb738ce936d9bf4d3fb169f55d62a686b21e5252a6bf7428eb7d830a78 7085 golang-1.17_1.17.13-1_amd64.buildinfo Files: 2484173425f7e070746a091cbb64b315 2871 golang optional golang-1.17_1.17.13-1.dsc 4476707f05cf6915ec1173038dc357a9 22206518 golang optional golang-1.17_1.17.13.orig.tar.gz 0bb492661061623ca6e46aad83a8d26c 819 golang optional golang-1.17_1.17.13.orig.tar.gz.asc f979fa3f26347c02f45013c6d6a58de1 41424 golang optional golang-1.17_1.17.13-1.debian.tar.xz 069ba22ebebf5bbe57496b9a83879bd9 7085 golang optional golang-1.17_1.17.13-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEEFCQhsZrUqVmW+VBy6iUAtBLFms8FAmLzZNYQHGZva2FAZGVi aWFuLm9yZwAKCRDqJQC0EsWaz45nD/48XTvzliUx7mLSVLtjQF+dF6RMTt0h15SF JXiwHqwAIKcAJismhfyanhbbzIZGZKQGJh1QXCHuOke/xnKtbq8xAIoVG+aA4Z5C k6gKhAwgCFeHiyLs2/xEFHEBxAgrdkuXPTLt2AW5WTUy1j1CbJwCg7hDwr/FA+UN m0qCc5mKv+A0TEDR8NB5D7wysDNWc6UTpoG1e5U/6Fh0y17wppjED/so7teKwR+h DaL4cFVn+vIx/7v5QqzMcHZOjyd4VdUZlhdipsWik9nOYIHFujs6wlmwlbxYc+Wf t1xvikRLuMHVVMYxg9ue9gYtG4G/yGDztI7Ua57wWd2gnviZ8c4v/F8xH4TRqcK6 vM8AhI9NmAuQrR5wwZhmjIiE4nNUoRXy//QfEsqbbwpzeDBm4Bxc0Jn6NXWKCIid SMWfKZud8vB/+end4PszFvVAWjvO4L1q1A/0Rug2CYrLKg/5EelDAHd4OFYdM3Em 0qRQm9ck4bj2b43K3RdoLCRmaccHs7nIR2mXRWvGBUBIHcw4NAHRhZYqEYCGPYCM 5HBuf+5ylw368omABhJ8ZaCY4vWHB2Rz9kP6XuZczTna98/jdadApUvUI/DfLDj0 0pRBAztKHqIwAVFemWSrRulrpmt0K28YQWh6sP+z0qOienZtFJb+dyAP880l6EUp uypRPiwzJw== =rTid -----END PGP SIGNATURE-----