Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted golang-1.25 1.25.6-1 (source) into unstable
Date: Fri, 23 Jan 2026 07:22:01 +0000
Signed by: Tianon Gravi <tianon@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 22 Jan 2026 23:07:54 -0800
Source: golang-1.25
Architecture: source
Version: 1.25.6-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org>
Changed-By: Tianon Gravi <tianon@debian.org>
Closes: 1115301 1121847 1125464 1125916
Changes:
 golang-1.25 (1.25.6-1) unstable; urgency=medium
 .
   [ Anshul Singh ]
   * Update to 1.25.5 upstream release
     https://go.dev/doc/devel/release#go1.25.5
     - crypto/x509: excessive resource consumption in printing error string for host certificate validation
     - crypto/x509: excluded subdomain constraint does not restrict wildcard SANs
 .
   [ Tianon Gravi ]
   * Update to 1.25.6 upstream release
 .
     1.25.6: (Closes: #1125916)
     - https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc/m/pQP7Bk0aCQAJ
 .
     - CVE-2025-61728: https://go.dev/issue/77102
       archive/zip: denial of service when parsing arbitrary ZIP archives
 .
     - CVE-2025-61726: https://go.dev/issue/77101
       net/http: memory exhaustion in Request.ParseForm
 .
     - CVE-2025-68121: https://go.dev/issue/77113
       crypto/tls: Config.Clone copies automatically generated session ticket
       keys, session resumption does not account for the expiration of full
       certificate chain
 .
     - CVE-2025-61731: https://go.dev/issue/77100
       cmd/go: bypass of flag sanitization can lead to arbitrary code
       execution
 .
     - CVE-2025-68119: https://go.dev/issue/77099
       cmd/go: unexpected code execution when invoking toolchain
 .
     - CVE-2025-61730: https://go.dev/issue/76443
       crypto/tls: handshake messages may be processed at the incorrect
       encryption level
 .
     - os: allow direntries to have zero inodes on Linux (Closes: #1115301)
 .
     1.25.5: (Closes: #1121847)
     - https://groups.google.com/g/golang-announce/c/8FJoBkPddm4/m/kYpVlPw1CQAJ
 .
     - CVE-2025-61729: https://go.dev/issue/76445
       crypto/x509: excessive resource consumption in printing error string for
       host certificate validation
 .
     - CVE-2025-61727: https://go.dev/issue/76442
       crypto/x509: excluded subdomain constraint does not restrict wildcard
       SANs
 .
     1.25.4:
     - https://groups.google.com/g/golang-announce/c/tVVHm9gnwl8/m/-oTvYIjCAQAJ
 .
   * Fix build with DEB_BUILD_OPTIONS=terse (Closes: #1125464)
     (solution borrowed from xz-utils debian/rules)
Checksums-Sha1:
 98806988a72f4a1ebfb53f9d6c751243274afc16 2947 golang-1.25_1.25.6-1.dsc
 c3de36c316f7b3d1c219534e6713abefd43d0d75 31987986 golang-1.25_1.25.6.orig.tar.gz
 75be6762f032fe2760ef96f7696ded2502771663 833 golang-1.25_1.25.6.orig.tar.gz.asc
 bab5fa3283e45bea1492c0fb58a427443a34e9d5 45140 golang-1.25_1.25.6-1.debian.tar.xz
 50fb8bfce9062ae65641a621736c85a807981e65 5631 golang-1.25_1.25.6-1_source.buildinfo
Checksums-Sha256:
 23bc98e233504e6dc15ef328c1ba062a68b91994672fe276b68eb0c3258e1f85 2947 golang-1.25_1.25.6-1.dsc
 58cbf771e44d76de6f56d19e33b77d745a1e489340922875e46585b975c2b059 31987986 golang-1.25_1.25.6.orig.tar.gz
 0c6dc240f9bb8b8277f9bd563a93c697074ced149c95e676ff4f51c396972c03 833 golang-1.25_1.25.6.orig.tar.gz.asc
 4883d22f428dd05adabbf753c44171cb3e88a0a07c6103f8fba7dad2f2aedb73 45140 golang-1.25_1.25.6-1.debian.tar.xz
 8826591470b5e80d938ccdfcea3ff117d2840664e2c896423ffa845a91dab656 5631 golang-1.25_1.25.6-1_source.buildinfo
Files:
 de483f0b52642df4a968ceff2ea25f34 2947 golang optional golang-1.25_1.25.6-1.dsc
 6451131ecdfe1ee666f52cc3cd9257d9 31987986 golang optional golang-1.25_1.25.6.orig.tar.gz
 33218f18f48413ed4498fa2a6c8c95f2 833 golang optional golang-1.25_1.25.6.orig.tar.gz.asc
 5ae1826ceb0622ecda07d789d5f8f27f 45140 golang optional golang-1.25_1.25.6-1.debian.tar.xz
 aad4d36f232dd6d9c9f0f22750b433bf 5631 golang optional golang-1.25_1.25.6-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEtC9oGQB/APiONk/UA2qcJb81fdQFAmlzHrkSHHRpYW5vbkBk
ZWJpYW4ub3JnAAoJEANqnCW/NX3UQCgQAIzg/8GMUFBNFIQoi9CxMtcjSZBen1EX
Flqb+5JPrvIvbrmgn8DBaYpvwzHbYXaLoiK3xsVgFz2B+anE2ge3wtp02/rbBgD6
0rpsooc2xf3MokaZ5kOs2meY55K7qqZPI/8Vg5RxYh8B1Id61V7S5ZFSNE7Ok4eY
9IMZC5dkxe5Trsfbm7NVKdxzciEBKqpRqQZcKlMtP61Y54EfKm/KC0+QYsxPZqBI
WyzK0SvrjABfiC01gC2dWmIt8Mtf9YUnVTU0DWXhycALuzfCcNIxsa9q2gaUDKEu
2HJAbvDK+aRDcr3S32a5GHG/BE7zElVU449Q6Z6Q1CNifhyvyFaoEY5DQtQfl5jU
FQFXJzPKmLbQwZZ/ZNVojEeBcpRLcoVxznZA3vmsHpA54o9cy5KoqhCYccZKrsEy
jgQcCJVkewrD/2L3iltxdHQLhbkMIrsAJfNol6Vu+mjvW37uW3wg2cuBY2NAsLIU
Ap8eq9FoGzkYoJH37jPlU1l/0KCIg2dxUjOOoHze4HGkWdYUlWNKDFCQnbdyp6k3
U2uKlJdNUX53kpoflybBDd3J2oyaNavYAxsuNybvqJOBzSQrjIfiK80FG+Vnu/Et
xNUM8F/l/FNSDWZGr6qL2Um1DnRWVW5kqSjPUDxbu+2kImcumAonfB4+fL+pXO+/
pYkLxv2WyTNk
=qxys
-----END PGP SIGNATURE-----
News for package golang-1.25
