-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 06 Mar 2024 15:09:10 +0800 Source: golang-1.22 Architecture: source Version: 1.22.1-1 Distribution: unstable Urgency: medium Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org> Changed-By: Shengjing Zhu <zhsj@debian.org> Closes: 1065368 Changes: golang-1.22 (1.22.1-1) unstable; urgency=medium . * Team upload * New upstream version 1.22.1 + CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm + CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm + CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect + CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping + CVE-2024-24784: net/mail: comments in display names are incorrectly handled * Update upstream signing key * Backport patch to fix external link on riscv64 (Closes: #1065368) Checksums-Sha1: 9c30b1525e8f6620ec597a9ce10d548972794b85 2524 golang-1.22_1.22.1-1.dsc 81651938663134518593c61c611443f1e8ccf7ee 27548577 golang-1.22_1.22.1.orig.tar.gz 242073cdf4c47e6e8649cc12357ce8dece6faefe 833 golang-1.22_1.22.1.orig.tar.gz.asc 6ac9b9327473588fb137892c5bbc2a1ae41d6a8f 41676 golang-1.22_1.22.1-1.debian.tar.xz 619dc8bbd8118e468ff16fbd634a67f01462256c 6545 golang-1.22_1.22.1-1_amd64.buildinfo Checksums-Sha256: 979ceb551226b823a79d0b9d5fbdc5bf5625f2e71f66617478e97ff6b306aebc 2524 golang-1.22_1.22.1-1.dsc 79c9b91d7f109515a25fc3ecdaad125d67e6bdb54f6d4d98580f46799caea321 27548577 golang-1.22_1.22.1.orig.tar.gz d217ad270c2dbcd0c952b2033c7b70de03bcac616f5f2134da3a697183902831 833 golang-1.22_1.22.1.orig.tar.gz.asc 927a564dafacd30c6c4fb7335f8e61894341491f5ef95deade889ef57b73acd2 41676 golang-1.22_1.22.1-1.debian.tar.xz 7a1fb172dab010dd147049ab374da9c0f776a935085e48f8530a9f8ec932b30b 6545 golang-1.22_1.22.1-1_amd64.buildinfo Files: ad13dda3b2d2a6153decf4f25494ca08 2524 golang optional golang-1.22_1.22.1-1.dsc da1a44807b86836323ed475d81ddee8a 27548577 golang optional golang-1.22_1.22.1.orig.tar.gz c37a54a6892eb537d501cadf6cc5896f 833 golang optional golang-1.22_1.22.1.orig.tar.gz.asc 09c2d2353b4cb93a8c641abb07b4c826 41676 golang optional golang-1.22_1.22.1-1.debian.tar.xz cc090e32ae080397b606b5e71839aadc 6545 golang optional golang-1.22_1.22.1-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEc793ixFTU9Vien7Zh7Iv85yjO70FAmXoHGoACgkQh7Iv85yj O71i8Qf+Kroz+ymv+HTnhuEDGg+Yq1TNNJCC45ZygKIuraCKwwOQeCXUsJKUkLY6 DFTzftWXagm4kXMKgcz5fhl8XD0lzwljFwSSXhZIvANf/7QeEBzHC2rc22SSDy6X 0bT1F234fX2HUUz83s1u80+EPXH+g6kNh6QQGmPUdC7MQsJ9o4QMRfb04mz14l5a vxLMlX/sCp1rjovPbXWXDEKu+vchnwUTy5HIyBEvowdHbQeiUNrO0amfKuA9bhF8 hZpADzniqpp5ipHJJOHMEEnelI015zX9WjT8/5nvAnaiXgIZE4sVW+A1pKgk6C8G 7xVY7YYHa4QuGgcV+A1gedOiWxdMFw== =pDwh -----END PGP SIGNATURE-----