Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-backports-changes@lists.debian.org>
Subject: Accepted golang-1.19 1.19.3-1~bpo11+1 (source) into bullseye-backports
Date: Tue, 22 Nov 2022 05:04:16 +0000
Signed by: Anthony Fok <foka@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 17 Nov 2022 13:21:10 -0700
Source: golang-1.19
Architecture: source
Version: 1.19.3-1~bpo11+1
Distribution: bullseye-backports
Urgency: medium
Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org>
Changed-By: Anthony Fok <foka@debian.org>
Changes:
 golang-1.19 (1.19.3-1~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports.
 .
 golang-1.19 (1.19.3-1) unstable; urgency=medium
 .
   * New upstream version 1.19.3
     + CVE-2022-41716: syscall, os/exec: unsanitized NUL in environment variables
       On Windows, syscall.StartProcess and os/exec.Cmd did not properly check
       for invalid environment variable values. A malicious environment variable
       value could exploit this behavior to set a value for a different
       environment variable.
 .
 golang-1.19 (1.19.2-1) unstable; urgency=medium
 .
   * New upstream version 1.19.2
     + CVE-2022-2879: archive/tar: unbounded memory consumption when reading
       headers
     + CVE-2022-2880: net/http/httputil: ReverseProxy should not forward
       unparseable query parameters
     + CVE-2022-41715: regexp/syntax: limit memory used by parsing regexps
Checksums-Sha1:
 93472acafc7bf1cc3d95d4d839116e199c03f55e 2893 golang-1.19_1.19.3-1~bpo11+1.dsc
 a3bdfe008ba7dae740caffd723a63423d5151ea1 41576 golang-1.19_1.19.3-1~bpo11+1.debian.tar.xz
 2edc9df59f86dbcca883b4499c83253925e6c97e 7189 golang-1.19_1.19.3-1~bpo11+1_amd64.buildinfo
Checksums-Sha256:
 e085cf05442d944c81bfbe34b453172019c48ad839a83257d54c4f4b637a8db4 2893 golang-1.19_1.19.3-1~bpo11+1.dsc
 2d342ecbcc391053f6b37d97f82e6801a0e6a6a7600197fb3ff1266706e83a33 41576 golang-1.19_1.19.3-1~bpo11+1.debian.tar.xz
 8e68cc5d776fdcb90f15111bc810645db52b8c2f145bcdf3928c806d3a7e21ce 7189 golang-1.19_1.19.3-1~bpo11+1_amd64.buildinfo
Files:
 de3e1e6a502d079d7968b5ca07e1174f 2893 golang optional golang-1.19_1.19.3-1~bpo11+1.dsc
 a398b59e5e5f5b01626de98f5ac1d61c 41576 golang optional golang-1.19_1.19.3-1~bpo11+1.debian.tar.xz
 838b1cbc290f0c1b221c50c9700afb3d 7189 golang optional golang-1.19_1.19.3-1~bpo11+1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEEFCQhsZrUqVmW+VBy6iUAtBLFms8FAmN8UvYQHGZva2FAZGVi
aWFuLm9yZwAKCRDqJQC0EsWaz9RcD/4oECGicMzNTZGRIji3OZOwSqR+jOLs7IpC
5kZ2w0zTfAJ3X7+yhYU5jexufNYCuQ6ezQKrT9F3fBSGOEHxQPvmFgKRssFZ901w
JN0eQiVp8f2ODtFyQ9sPiF7r3DYsTJbk5xtCO2krRxgxg6Lby58oae+LnFSo5Ql8
baT6cGLPNJJKoMNsMgQsvBf2HVkWE+MGRtz+gWu1sUQQj9M7YnV/4B67Tu3Z5nLz
3Xr2lyykCmsIStcNTUCbiz6AOXC2bJrbV0M7KEjfFlBBN9HAnKeah/FdvLmdpqzF
YfKUe4YoTW/7Uev066LPtTTZjopJRCyVG4oojWXxQ4CyP35AZcu7FebQUMf4FiUv
Y+tC4qKTt48QilYlX9lHTPvelVaONWWTs07o/2PFYh9mVHPmT3BN35DqN4WJsjwT
n/qGbvT8YhEiHfavxXR8SZn0AtV7i5NXAgYbFwFkylKTO127g3x5jA/0grJLzwa8
DzzkoPIfYEMah4TNEI0edTTweBGE780Am9t0GlEjZ9cfnuLAT+WWhHTgqecV5uJi
Ucz1wRtR/0pHSwG9K5/zlAaICuK5vs99EwCbCKhyPYNDKea/BlJxu3z6JQtATeul
kjCyB2xGaBBRKoUCPU448VDqy0yDEDlMZVBSChBkqr1vt9cXquVQiI7XE3vjV9zg
iX8xTxJ5ZA==
=wvGg
-----END PGP SIGNATURE-----
News for package golang-1.19
