-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 30 Apr 2025 18:00:23 +0200
Source: hugo
Architecture: source
Version: 0.80.0-6+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org>
Changed-By: Andrej Shadura <andrewsh@debian.org>
Changes:
hugo (0.80.0-6+deb11u1) bullseye-security; urgency=medium
.
* Non-maintainer upload by the LTS Team.
* Rebuild with golang-github-gorilla-csrf 1.6.2-2+deb11u1:
- SECURITY UPDATE:
+ CVE-2025-24358 / GHSA-rq77-p4h8-4crw:
Fix CSRF via form submission from origins that share a top level
domain with the target origin.
Checksums-Sha1:
5ec7933eefb5649a74edd99b4517358278f1f126 4281 hugo_0.80.0-6+deb11u1.dsc
7920d65b7a955d437380dba7f44f76e4d8b69040 36212609 hugo_0.80.0.orig.tar.gz
14bc058208a86b25bc8decc119057237e7fe3afb 313612 hugo_0.80.0-6+deb11u1.debian.tar.xz
5f3ec2b1c208df1b08ebddfc605b1d7eefe46a26 7978 hugo_0.80.0-6+deb11u1_source.buildinfo
Checksums-Sha256:
37eb9c5bdb4332aa54ef8842db3c4e653bb9b21d1d6043a5dbbb7d163d2a23c1 4281 hugo_0.80.0-6+deb11u1.dsc
4ddcd6ebea21e5fd4067db4a481ab7810e34496d5991a3520169c8f5ee1d38bb 36212609 hugo_0.80.0.orig.tar.gz
cb1d25413be8a37d717e5fadcd2bc923574518b1b0316514385877df93e5c2de 313612 hugo_0.80.0-6+deb11u1.debian.tar.xz
0f7a474a290b7ab64b8ae09895a8433bfa4f6b5d166514d630b21d987df7e4fe 7978 hugo_0.80.0-6+deb11u1_source.buildinfo
Files:
613d367bbb38f78a092321b258d98645 4281 web optional hugo_0.80.0-6+deb11u1.dsc
fb60abd5139209d3377401746ec80107 36212609 web optional hugo_0.80.0.orig.tar.gz
d978de144b2e2536884e0ef4d52eee32 313612 web optional hugo_0.80.0-6+deb11u1.debian.tar.xz
976194d084976dc2235bfebdd45c1b60 7978 web optional hugo_0.80.0-6+deb11u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCaBJJQgAKCRDoRGtKyMdy
YcysAQCL2OBYlrf8Ro/CvB91R2V7WfMwBWpYwDn9iaE9Dj0NawEAl7H10AhMGZsD
qTGW+0RWO6MiYTbykBQtV0OjjWAmdwM=
=llR+
-----END PGP SIGNATURE-----
