-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 13 Mar 2024 22:53:16 +0800 Source: golang-github-go-jose-go-jose Architecture: source Version: 4.0.1-1 Distribution: unstable Urgency: medium Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org> Changed-By: Bo YU <tsu.yubo@gmail.com> Closes: 1065814 Changes: golang-github-go-jose-go-jose (4.0.1-1) unstable; urgency=medium . * New upstream version 4.0.1 - CVE-2024-28180: Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). Reported by Enze Wang@Alioth and Jianjun Chen@Zhongguancun Lab (@zer0yu and @chenjj). (Closes: #1065814) * drop patch which has been applied into upstream Checksums-Sha1: f6b673a1a8bc1fce014eece154df8c774e60cc39 2450 golang-github-go-jose-go-jose_4.0.1-1.dsc af1598147b98b50f313fab0d31beb6380872a533 319043 golang-github-go-jose-go-jose_4.0.1.orig.tar.gz d3cd996ae8fbcc8860ce8348a560da1458f834e7 3712 golang-github-go-jose-go-jose_4.0.1-1.debian.tar.xz f4f8f124f4fa378a1758e0239adbeff1dbf9046b 7607 golang-github-go-jose-go-jose_4.0.1-1_amd64.buildinfo Checksums-Sha256: f8e4ddeb34af5a161f1aaecf59e95ff6569b3e6c79e62a6a0e61e2eddbda8e34 2450 golang-github-go-jose-go-jose_4.0.1-1.dsc e8177ab716bb1aaef8fa0bba5e0ee3ff1f4c7570b5a4107256c97081ed76b821 319043 golang-github-go-jose-go-jose_4.0.1.orig.tar.gz 32321202d04650de2f18666c52266ff529223137a2c6b38359377d7874ff46b0 3712 golang-github-go-jose-go-jose_4.0.1-1.debian.tar.xz dd75fe6f83072acede997a8a08fc40e203c5528e646f8f9b47847c320f6b30e2 7607 golang-github-go-jose-go-jose_4.0.1-1_amd64.buildinfo Files: c3bb838ed250fcf42597bfc150dfca9d 2450 golang optional golang-github-go-jose-go-jose_4.0.1-1.dsc a30aad661fd4efa97c08b2bdf3edc071 319043 golang optional golang-github-go-jose-go-jose_4.0.1.orig.tar.gz ecb2a8c1ce637a1e44179dfc3afd3f09 3712 golang optional golang-github-go-jose-go-jose_4.0.1-1.debian.tar.xz ba5d4f22de2de311fc237f482d721418 7607 golang optional golang-github-go-jose-go-jose_4.0.1-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEIcmhjYVTlmab0tjp+RVP3hQ+S68FAmXxwGAACgkQ+RVP3hQ+ S68H8hAApSDhwf8DWL7ldkY0/uJ9J1EN6MCLynWJtf/zeV80xAQDy7o60w5mUe3D pHr+KvTWduDQC1fF1BfEmVbLZL7jwfjh+cwf8fRfxDc+OgE2eowcyxltz3AemaE/ YaE92tbfpDNydLKtcvPPGQcaxYf2vMKDEtP+KrJ0xLgmXtyrOrsANPWaVPjSc8UK 0LFZsinWY31djwwvukiGhQ2P6Wqzq/2lhka57Ak6dUFClivRexgoUwd82XoV0h4A mDI/LyLEj5dlu7QMs3pBqNuccnBKLDAsvsvvCDnCM5J/VpQnc0U/IudZY0MgOBSB qZiAnqQdLZiwJyABKkgT4QY8rCsQYdVuq902IDuVRTuAX9ve5tLeGYQTs980orTg WWe+LbG4M9BTHbFiKjAa6WxRqCHL3uFciwBHI5ebGO3/t3Ns5iMbYdHm4L0H28E6 LYgeIx2sM6MotdqMOfhN3AXtxlwgIxPRzbn+ef7Z4PHJ/257lFv2uBKPicwpsIme JEuwWr1Uyk9vLt4lZrz7m3L0hswztl4sFTFVXeG0Bl0s0itRP/dHBY9YBgu1aU6B clz8WHIoq1aZFJPtiJ2DtJvyfzZfvxcYeAvXvuIqH6sMgF434qnP930UMniHHoOl QZZe/42hLD5rrs8WVYIGAWSI3Cv49XOCpxRORTEsU7FAfFdYTH4= =JB5e -----END PGP SIGNATURE-----
