Format: 1.8
Date: Thu, 09 Oct 2025 20:14:26 -0700
Source: golang-1.24
Architecture: source
Version: 1.24.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org>
Changed-By: Tianon Gravi <tianon@debian.org>
Changes:
 golang-1.24 (1.24.8-1) unstable; urgency=medium
 .
   * Update upstream signing key
   * Update to 1.24.8 upstream release
     https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
     - CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress
     - CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints
     - CVE-2025-58189: crypto/tls: ALPN negotiation errors can contain arbitrary text
     - CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs
     - CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames
     - CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion
     - CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion
     - CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys
     - CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map
     - CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse
   * Remove patch that's now applied in 1.24.8