Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted golang-github-gorilla-csrf 1.6.2-2+deb11u1 (source) into oldstable-security
Date: Wed, 30 Apr 2025 13:40:23 +0000
Signed by: Andrew Shadura <andrewsh@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 30 Apr 2025 15:07:40 +0200
Source: golang-github-gorilla-csrf
Architecture: source
Version: 1.6.2-2+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org>
Changed-By: Andrej Shadura <andrewsh@debian.org>
Closes: 1103584
Changes:
 golang-github-gorilla-csrf (1.6.2-2+deb11u1) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * SECURITY UPDATE:
     - CVE-2025-24358 / GHSA-rq77-p4h8-4crw:
       Fix CSRF via form submission from origins that share a top level
       domain with the target origin (Closes: #1103584).
Checksums-Sha1:
 6341e1299939207a3127afa1aa387b0421559795 1717 golang-github-gorilla-csrf_1.6.2-2+deb11u1.dsc
 a4494b99df752f76be1b01cd4162bd5782dd390b 21556 golang-github-gorilla-csrf_1.6.2.orig.tar.gz
 fbb8bba64470c0fbaac82c14f6cf802aba244c61 8660 golang-github-gorilla-csrf_1.6.2-2+deb11u1.debian.tar.xz
 97ed83d8b940dd984b27de5ae9b7b78c02627b29 5782 golang-github-gorilla-csrf_1.6.2-2+deb11u1_source.buildinfo
Checksums-Sha256:
 408a647dd752fb5d64016511a0092744f959b4aac4681c2405356cbe245ae2b8 1717 golang-github-gorilla-csrf_1.6.2-2+deb11u1.dsc
 b738f87c8c78391e366a302398a55623c0dea8461ddfeedbb98f52abb6195584 21556 golang-github-gorilla-csrf_1.6.2.orig.tar.gz
 68da80db6da2a36b34a2b4bdf23768b3a93bcc5a78212e98b77f3713b0f524df 8660 golang-github-gorilla-csrf_1.6.2-2+deb11u1.debian.tar.xz
 c945fdf5a5fd0c9a2e08eb16cd4d281ecd1ed1c8973ccdb4f3fa630cbe979d77 5782 golang-github-gorilla-csrf_1.6.2-2+deb11u1_source.buildinfo
Files:
 cf8775366d02260e97db6928ef687f7f 1717 devel optional golang-github-gorilla-csrf_1.6.2-2+deb11u1.dsc
 a825ee63e05de3605adb5efa0ca58119 21556 devel optional golang-github-gorilla-csrf_1.6.2.orig.tar.gz
 3d427234f1923a6e8c721f861c81ff1b 8660 devel optional golang-github-gorilla-csrf_1.6.2-2+deb11u1.debian.tar.xz
 e64e0ea29b6e1a66fb0c1330742091c5 5782 devel optional golang-github-gorilla-csrf_1.6.2-2+deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCaBIkFQAKCRDoRGtKyMdy
YT87AP4r787POkR+vIkLm+hsDP1R3vZIIGqJ7IlGYRCExLrykgEAj6krHA5VVrz2
OIC4yNgZODSQ2V6steItks3TDAnkUgU=
=W7EM
-----END PGP SIGNATURE-----

News for package golang-github-gorilla-csrf