Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted golang-1.25 1.25.2-1 (source) into unstable
Date: Fri, 10 Oct 2025 03:37:03 +0000
Signed by: Tianon Gravi <tianon@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 09 Oct 2025 20:14:29 -0700
Source: golang-1.25
Architecture: source
Version: 1.25.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org>
Changed-By: Tianon Gravi <tianon@debian.org>
Changes:
 golang-1.25 (1.25.2-1) unstable; urgency=medium
 .
   * Add Go 1.25 to acceptable bootstrap versions (Build-Depends)
   * Update upstream signing key
   * Update to 1.25.2 upstream release
     https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
     - CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress
     - CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints
     - CVE-2025-58189: crypto/tls: ALPN negotiation errors can contain arbitrary text
     - CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs
     - CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames
     - CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion
     - CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion
     - CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys
     - CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map
     - CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse
Checksums-Sha1:
 9edc750589573461c70d6fbbe11b54792a823f94 2947 golang-1.25_1.25.2-1.dsc
 8ede9f9433ade01a693ab7dbdf659990e85ff1bd 31978632 golang-1.25_1.25.2.orig.tar.gz
 8be9470342d9644d7ccd09a955102aa6cda22aca 833 golang-1.25_1.25.2.orig.tar.gz.asc
 e19d6873abc437f0a9785a4c6d76297a79052508 44664 golang-1.25_1.25.2-1.debian.tar.xz
 ec2e9b1746f5d6164a2b8e8eded91b7284457e8c 5399 golang-1.25_1.25.2-1_source.buildinfo
Checksums-Sha256:
 9f82b6dcc3057d0ab54e21b7e80dbc624783b110d185788b05fdd5942695e7c1 2947 golang-1.25_1.25.2-1.dsc
 3711140cfb87fce8f7a13f7cd860df041e6c12f7610f40cac6ec6fa2b65e96e4 31978632 golang-1.25_1.25.2.orig.tar.gz
 81d9c33ed5c0cd0564dbb724961f782418017ed9a0b9aa810d199d10a06e2b41 833 golang-1.25_1.25.2.orig.tar.gz.asc
 e3d965a97cdb8e88aded79aacc064e7a0571b2f776105c2d3b9e91fe70bb52c8 44664 golang-1.25_1.25.2-1.debian.tar.xz
 b74ead23474784884424fcdd9550d86240327392125c8923f946c9b52e443c60 5399 golang-1.25_1.25.2-1_source.buildinfo
Files:
 d1566358d1c378746e4870361f5cf7a0 2947 golang optional golang-1.25_1.25.2-1.dsc
 c92c12e9f8e93612346dff32fdf5d31f 31978632 golang optional golang-1.25_1.25.2.orig.tar.gz
 d8e02b5e7e4b13b56aff62434516aab7 833 golang optional golang-1.25_1.25.2.orig.tar.gz.asc
 f72d7ce8e880aad04cd380e133f5396a 44664 golang optional golang-1.25_1.25.2-1.debian.tar.xz
 d7f1061dcbd278f60186be209c8d1a4b 5399 golang optional golang-1.25_1.25.2-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEtC9oGQB/APiONk/UA2qcJb81fdQFAmjoeoUSHHRpYW5vbkBk
ZWJpYW4ub3JnAAoJEANqnCW/NX3UBmkQAL0DTJrzaBjxpdAgXmkD3V2g3aOAQC1Y
EtgG9oaM91mKv/r3Uf3op/3/cgSc0hBdmWzqh9URlt+2ZAR3z4LTZkYDiTqxVpBE
wclowWuyMwyTYIoxDUIopdQ1aLWvpG3bQmbifj/ibpzt8/XfNs4KmOb6gWSZ53GC
UmwKWKaw2aLZ4OB/iRYhY+q/SQSvW8qAKWm5nHOyE53DNLDuhE6s4WGGBqAK6m4X
IVPpR1dL+FnT+J+SeM8AluFNcBVZkktmE8aCw1/rtolZdTBReJji9jSLqA0pMpsD
xZplSn6Q7deg0QmwajGFa4pwi8fqFgDQl/4FbOQIqbkieXDmqDb35H7cPmawZykq
Z+wzV/FErJoKClK1MFThBaqqqGlfBjYMQQYFpYeKWYbEug2OSnR++zycZGisbXzw
fmHeSSabWcdOiyiBukC6tu8Qsgnu3EKBCWat94zL9rUaw0yTOUPa6/dxnv3RZ52y
t3XBJg84Rqjex754RTMiteZNT3ElN8kGEGgYPBQ3sHfbUGBhYTN+mz0IVx39lu3o
33JJr4jEL8hBI+A25E7+c6YjN+JxKeICEgr2eJHUlp83DP/0WdeyUqfGuhgjnozJ
LqVdBH688V5aj/f1NoDKOVCozJaiQmKoBll0/BkgSFKi1v4kZlb/sjYm12j+I61q
Rl9SiJ3FGWdD
=JTH/
-----END PGP SIGNATURE-----
News for package golang-1.25
