Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted golang-1.24 1.24.12-1 (source) into unstable
Date: Sat, 24 Jan 2026 08:30:37 +0000
Signed by: Tianon Gravi <tianon@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 23 Jan 2026 23:52:11 -0800
Source: golang-1.24
Architecture: source
Version: 1.24.12-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org>
Changed-By: Tianon Gravi <tianon@debian.org>
Closes: 1115301 1121848 1125464 1125917
Changes:
 golang-1.24 (1.24.12-1) unstable; urgency=medium
 .
   * Update to 1.24.12 upstream release
 .
     1.24.12: (Closes: #1125917)
     - https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc/m/pQP7Bk0aCQAJ
 .
     - CVE-2025-61728: https://go.dev/issue/77102
       archive/zip: denial of service when parsing arbitrary ZIP archives
 .
     - CVE-2025-61726: https://go.dev/issue/77101
       net/http: memory exhaustion in Request.ParseForm
 .
     - CVE-2025-68121: https://go.dev/issue/77113
       crypto/tls: Config.Clone copies automatically generated session ticket
       keys, session resumption does not account for the expiration of full
       certificate chain
 .
     - CVE-2025-61731: https://go.dev/issue/77100
       cmd/go: bypass of flag sanitization can lead to arbitrary code
       execution
 .
     - CVE-2025-68119: https://go.dev/issue/77099
       cmd/go: unexpected code execution when invoking toolchain
 .
     - CVE-2025-61730: https://go.dev/issue/76443
       crypto/tls: handshake messages may be processed at the incorrect
       encryption level
 .
     - os: allow direntries to have zero inodes on Linux (Closes: #1115301)
 .
     1.24.11: (Closes: #1121848)
     - https://groups.google.com/g/golang-announce/c/8FJoBkPddm4/m/kYpVlPw1CQAJ
 .
     - CVE-2025-61729: https://go.dev/issue/76445
       crypto/x509: excessive resource consumption in printing error string for
       host certificate validation
 .
     - CVE-2025-61727: https://go.dev/issue/76442
       crypto/x509: excluded subdomain constraint does not restrict wildcard
       SANs
 .
     1.24.10:
     - https://groups.google.com/g/golang-announce/c/tVVHm9gnwl8/m/-oTvYIjCAQAJ
 .
   * Fix build with DEB_BUILD_OPTIONS=terse (Closes: #1125464)
     (solution borrowed from xz-utils debian/rules)
Checksums-Sha1:
 eb59dc3c05926366a0585e8245ba4126760350f1 2933 golang-1.24_1.24.12-1.dsc
 edd2b0e3e183c973e3bd73320bf18dd6157ee3d2 30803950 golang-1.24_1.24.12.orig.tar.gz
 21df7477fab6b7198ebd97569015218f9560be77 833 golang-1.24_1.24.12.orig.tar.gz.asc
 33ffd4515b90ecc816c8a9bf1fb13e33b24d72c1 45248 golang-1.24_1.24.12-1.debian.tar.xz
 09d8813ad2212ddf63aed84568793c5a65eafe8b 5636 golang-1.24_1.24.12-1_source.buildinfo
Checksums-Sha256:
 9cc9da3f706a7a42f3042b9ca5064fc5d5b4d737589437c6e0d7d6c719ce3a96 2933 golang-1.24_1.24.12-1.dsc
 fba2dd661b7be7b34d6bd17ed92f41c44a5e05953ad81ab34b4ec780e5e7dc41 30803950 golang-1.24_1.24.12.orig.tar.gz
 78e33805e528961e18ec70843782c27c64218db27f5a088002a215911b48e252 833 golang-1.24_1.24.12.orig.tar.gz.asc
 9385cbe07cf945dfa69262e8c075a14a1cafb8d4eacf6c18e382d5c01f3377e3 45248 golang-1.24_1.24.12-1.debian.tar.xz
 69c15d7f6f4ed1c2b3921d495c56e5e7b70892b42441359207b2fc8c5367c431 5636 golang-1.24_1.24.12-1_source.buildinfo
Files:
 27be3f7a6f9e302de65cf80558d98837 2933 golang optional golang-1.24_1.24.12-1.dsc
 7d0efe8899a502be06604b28cf0f756c 30803950 golang optional golang-1.24_1.24.12.orig.tar.gz
 d65416292884be6af90c7ccb079400ed 833 golang optional golang-1.24_1.24.12.orig.tar.gz.asc
 2873294088929df7e7c16c658fdf31b1 45248 golang optional golang-1.24_1.24.12-1.debian.tar.xz
 4c578f15023ac7b21bdcdda4b602f907 5636 golang optional golang-1.24_1.24.12-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEtC9oGQB/APiONk/UA2qcJb81fdQFAml0eo4SHHRpYW5vbkBk
ZWJpYW4ub3JnAAoJEANqnCW/NX3Uh/AP/3E2igk/aG40/Of0RlYL57HAf4CRuDIC
UFYTu5o24htctyny6eOmjCUQTrCQMlXALj8sYX+Rg/eCr9gZ5t9W+xkRntMfABCH
ubIulWkx39l3ORSZwf38/r8OkgXd8UCeC4QbQDB/AzGUF658co79IRiKgezPYzra
Oqh5+vVKg1b4s21Dx6uefETq/kyxvCHg5NL04KYX/4wNrj0kdQvAltcnJAPq6i5g
Xgnlm9sV/rrTeknQBXidsMwTgnAvfCwCbfuRE5tbs/2tz/PRRLlqqDrnTKnoRYlB
a+WK2ex+PLz3pLeL/7/I/7cwTYShQ6Xtp+cwPQGri1cjkVjK9mtIvDSnnrxIpfTw
dz4Nn0dS2kK0ZwNXkkAE6Fc2n0lkF/DK8mG5bb+cPPEBXDGq17JpVfjl3/eW/aPT
tXGUTljRe54pA1GuraRKz5+jPWsOwTCoaSw4R3fVx5XRkUr9xegg743ixCX2ECwj
yYNHKbH4XbexPV0lCXh3qOVWD0rIt3CTyHdjJr0Pi8+MTroElRjIQuqs0DRVNFHs
ZqKYhW8jh9cH+i9lfRGTLmX3sTArlM0B6F1r/UtS0bShyeaaoXKDm+LmiDyLUaDz
TWV10h7eHBgxA7kliq44d/B2qwIW55ODpeGGp4DI85U2uYjFAjmSunR7/zQXAVnA
zT9oJM1w5Afz
=f7Rd
-----END PGP SIGNATURE-----
News for package golang-1.24
