-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 21 Nov 2022 21:59:26 -0700 Source: golang-1.18 Architecture: source Version: 1.18.8-1~bpo11+1 Distribution: bullseye-backports Urgency: medium Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org> Changed-By: Anthony Fok <foka@debian.org> Changes: golang-1.18 (1.18.8-1~bpo11+1) bullseye-backports; urgency=medium . * Rebuild for bullseye-backports. . golang-1.18 (1.18.8-1) unstable; urgency=medium . * New upstream version 1.18.8 + CVE-2022-41716: syscall, os/exec: unsanitized NUL in environment variables On Windows, syscall.StartProcess and os/exec.Cmd did not properly check for invalid environment variable values. A malicious environment variable value could exploit this behavior to set a value for a different environment variable. . golang-1.18 (1.18.7-1) unstable; urgency=medium . * New upstream version 1.18.7 + CVE-2022-2879: archive/tar: unbounded memory consumption when reading headers + CVE-2022-2880: net/http/httputil: ReverseProxy should not forward unparseable query parameters + CVE-2022-41715: regexp/syntax: limit memory used by parsing regexps Checksums-Sha1: 00d5c79e44bf1b92aa8901dd850fbd8a1b1f687f 2893 golang-1.18_1.18.8-1~bpo11+1.dsc 864616d883423bd529bbf497650f5562aae28bad 42280 golang-1.18_1.18.8-1~bpo11+1.debian.tar.xz cd0bf1b49257d576f5ad205a391c435c905e31c5 7189 golang-1.18_1.18.8-1~bpo11+1_amd64.buildinfo Checksums-Sha256: 24349904500b3df0c7d11b49166a2f157dd815f0bcde59fae7ed2af9f315e6a4 2893 golang-1.18_1.18.8-1~bpo11+1.dsc 847e0b405d425438c43ef0ecf8f78b3e441a58321b93a932ab4744a29b943385 42280 golang-1.18_1.18.8-1~bpo11+1.debian.tar.xz 1256010b93630b1458f3158a6e38e0ddab2166a02fab0afe0855b80d04276101 7189 golang-1.18_1.18.8-1~bpo11+1_amd64.buildinfo Files: 4b57f7ed5fa74350108b9232bb4a52f8 2893 golang optional golang-1.18_1.18.8-1~bpo11+1.dsc 69dbb4322837cee3f797d099d722199a 42280 golang optional golang-1.18_1.18.8-1~bpo11+1.debian.tar.xz ea2ef7c5c679d8786575392cfa054e9c 7189 golang optional golang-1.18_1.18.8-1~bpo11+1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEEFCQhsZrUqVmW+VBy6iUAtBLFms8FAmN8YnQQHGZva2FAZGVi aWFuLm9yZwAKCRDqJQC0EsWazzSOEACqh78dE1Ro9YLizgBqlAl+RYLovETJ2/iu NGUyA82uLrh/ucvX3mN1MzXZ7mjTIt1r16ji6LLzcT6YmEnVcJbbHLqTQkq1cEbV OTApLfobIG2z3eX1IXscLb0BKAf+vpFTqzbH5gDdJFkgTBdEqdU4dYV2bBTDS9ja OCfiXIC3L5iaeJM9C/ZpoMc7iLgb7S0ClGew58kqbPfmyFnK735kfievdPXYJ+t8 eUb7Jt3TlD1rxv4s1eVOYw6XEsQxP24uA3uKY+e58EH9Ddn0g3FkKIIOiDXK0gJj ctSdPhBFuilqeREzX6+hqukva6mgmjjAGOCF2d2PbMpsn/tkv9HBNiocOWb1gmRI aqA++fzEFGphDKLjubL6oxenP4iK/fCaVlIYPHENiKTRt6+S3KxscZINi+D2SKKG SSEWLZ5nvFAumubfTz4D30xhpZRWvIrtlHsGwPD1l178xLDOXNdizY2o038C3FuG Ei+i5FVBORMxbXr7CknSEQnTkMyviqehzLT7XHQ3x/Pa+LQ3AyMa9oQvHRyJ+906 5E2GQdIY7wrK69y8fY/+S+J29n3bbXbPR3j2VjI0XLJryDBNRCs9l8T9z5lh3XLc ZTYKGOeNgd/GF91pC8ZOAd/XRWLSeygrwNn8rbNbfZRD8b8PN8xpB1dDxBQSMkul JDkiUIuv/g== =OXcx -----END PGP SIGNATURE-----