-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 03 Nov 2022 08:20:54 -0500 Source: golang-1.18 Architecture: source Version: 1.18.8-1 Distribution: unstable Urgency: medium Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org> Changed-By: William 'jawn-smith' Wilson <jawn-smith@ubuntu.com> Changes: golang-1.18 (1.18.8-1) unstable; urgency=medium . * New upstream version 1.18.8 + CVE-2022-41716: syscall, os/exec: unsanitized NUL in environment variables On Windows, syscall.StartProcess and os/exec.Cmd did not properly check for invalid environment variable values. A malicious environment variable value could exploit this behavior to set a value for a different environment variable. Checksums-Sha1: 8fc152a1a9d4e2754795ad0270b379eb09f63fa8 2255 golang-1.18_1.18.8-1.dsc 6006528bee9fcee269c53c33f45e80c33e188e06 22873390 golang-1.18_1.18.8.orig.tar.gz 03c649d93bac17defedddca9f1a6e3dedc776334 819 golang-1.18_1.18.8.orig.tar.gz.asc bc615cfda9f1e1e4b5befb45e928a0c19ee9b855 42120 golang-1.18_1.18.8-1.debian.tar.xz fa501b73775c27a9f207c8bb4e17516bc7afd460 6530 golang-1.18_1.18.8-1_amd64.buildinfo Checksums-Sha256: 5bbeb75519adfb45c32b075d3b66dfe365a6dec3e347acf71834a7f43ade905e 2255 golang-1.18_1.18.8-1.dsc 1f79802305015479e77d8c641530bc54ec994657d5c5271e0172eb7118346a12 22873390 golang-1.18_1.18.8.orig.tar.gz 6534831f7dc383730c865c87689545ecd98b4547c91cf1bcc0c7c77b03f70118 819 golang-1.18_1.18.8.orig.tar.gz.asc fa1e0126a879c41fd4c1990d302b9a67a4f6baaaeeb570f2ebea3b2ed19d09f4 42120 golang-1.18_1.18.8-1.debian.tar.xz b87828d1d9b4015ff537bdae78c85c37dae5767e25260d36c9c988430ae7e009 6530 golang-1.18_1.18.8-1_amd64.buildinfo Files: 1a402671e45424bb002269552f820027 2255 golang optional golang-1.18_1.18.8-1.dsc 4da6e6a0f709a4fe9f5b1033a8439a09 22873390 golang optional golang-1.18_1.18.8.orig.tar.gz aafb2cc2c7c56fd6e48c4f33186d6fa5 819 golang optional golang-1.18_1.18.8.orig.tar.gz.asc c42ab88092a252a7b6784ca53d141488 42120 golang optional golang-1.18_1.18.8-1.debian.tar.xz d6661a7d7a8ba8cf465bbe8ebaffce9a 6530 golang optional golang-1.18_1.18.8-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iIYEARYIAC4WIQSRhdT1d2eu7mxV1B5/RPol6lUUywUCY2v9SxAcemhzakBkZWJp YW4ub3JnAAoJEH9E+iXqVRTLh0cBAIPBdDPPhHfEWvLj1PR2bdeSaWZ+DTAIui7c ZYtsIvmHAP9kviVzzy2Xbn/N96Qki/AaANRwRb0XjW8K1Hs47dhBCg== =ULqQ -----END PGP SIGNATURE-----