Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted golang-1.26 1.26.2-1 (source) into unstable
Date: Wed, 08 Apr 2026 09:33:49 +0000
Signed by: Dr. Tobias Quathamer <toddy@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 08 Apr 2026 11:04:20 +0200
Source: golang-1.26
Architecture: source
Version: 1.26.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org>
Changed-By: Dr. Tobias Quathamer <toddy@debian.org>
Changes:
 golang-1.26 (1.26.2-1) unstable; urgency=medium
 .
   * New upstream version 1.26.2
     - CVE-2026-32280
       During chain building, the amount of work that is done is not
       correctly limited when a large number of intermediate certificates
       are passed in VerifyOptions.Intermediates, which can lead to a
       denial of service. This affects both direct users of crypto/x509
       and users of crypto/tls.
     - CVE-2026-32281
       Validating certificate chains which use policies is unexpectedly
       inefficient when certificates in the chain contain a very large
       number of policy mappings, possibly causing denial of service.
       This only affects validation of otherwise trusted certificate
       chains, issued by a root CA in the VerifyOptions.Roots CertPool,
       or in the system certificate pool.
   * Set Forwarded in patch headers
   * Update Standards-Version to 4.7.4, no changes needed
   * Use go-X.Y for lintian overrides
   * Remove mismatched lintian override
Checksums-Sha1:
 6504d348cc9cc97e021263785623c93f9f9d81eb 2915 golang-1.26_1.26.2-1.dsc
 ae592c3e0124252197eb443400a61e592adbceb5 34120738 golang-1.26_1.26.2.orig.tar.gz
 6058e30cc0f8b9be1e0c8eabfdc529f61655bcf1 833 golang-1.26_1.26.2.orig.tar.gz.asc
 f3f6d00d970660fca3baadec80c87a08a01d1a86 46156 golang-1.26_1.26.2-1.debian.tar.xz
 99a9783295df9f35cf997ff93436d9831ae78b96 6644 golang-1.26_1.26.2-1_amd64.buildinfo
Checksums-Sha256:
 8ff49dbed4221a9cc114efb6d7798f292e7fb24bb400f038f76cc426b37ccb74 2915 golang-1.26_1.26.2-1.dsc
 2e91ebb6947a96e9436fb2b3926a8802efe63a6d375dffec4f82aa9dbd6fd43b 34120738 golang-1.26_1.26.2.orig.tar.gz
 c044c9ae638da197b95aa04f8e6597de537536a32b3100d09ae4633655d2b6f6 833 golang-1.26_1.26.2.orig.tar.gz.asc
 424253aa08a51c9e840829168154b68f7c191be3d339740efd10ab7b0cf3de59 46156 golang-1.26_1.26.2-1.debian.tar.xz
 41a7d90fc0e8eaff4f9aa331dc2aa8b1bc29c1d85eaace266a4b1e07650975bf 6644 golang-1.26_1.26.2-1_amd64.buildinfo
Files:
 89355a29044636d636398a1ce0c1efde 2915 golang optional golang-1.26_1.26.2-1.dsc
 6215fcdd2085d8ef591777139cfb5af7 34120738 golang optional golang-1.26_1.26.2.orig.tar.gz
 259beea2c7de584bd15d3bdad0c86a99 833 golang optional golang-1.26_1.26.2.orig.tar.gz.asc
 0919be9f17ac7dfeacedc1c2addb36ab 46156 golang optional golang-1.26_1.26.2-1.debian.tar.xz
 18537dcca8daef7617f1c4791f059a69 6644 golang optional golang-1.26_1.26.2-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0cuPObxd7STF0seMEwLx8Dbr6xkFAmnWHXAACgkQEwLx8Dbr
6xlJEA//bjYxtxA+wA50TimJhlRutFu7uvdrohUT+/9Z8Xbu/XI8IyXe7DedvX7D
NFvqY68b8x+hVcgVAFyVYYM6yUiJBYErKdCGriVa8gSnAzQhBJ4bgmgAUVcp2T7O
PIPXzx48o0v4ElihNkWYSoq/8sujG/U5cV0QsO7vOjj901fpwxNGj0npmPgAgMP7
KkTm4PvInQhZRZq/IOQ6o4w1htJWWd6C13qhZMScgnExaWkDm2Af2GOlg/Y/dMlq
Pc8XrhuHGrJnNOMyIFLeLhinEzSaCturN8SNX3/KqqcS0bjJBxVozMgtrVHiMxbE
dogiZtAasluZhbRxLOObd7UavzZ7XlPcSvvoV+8ZNnRM3crRX/awVZP51B7MEcIg
L+PDD9+pr13Pr1bB+om8n8O2IIWw1MaD/Cn9TiCW/bX6mFMQx5S2oLQ2hPG61jxQ
zZyd0Ac1vkSYb9VpxPZoSqQCWSpaxCQZ8J3VfK4+QEY2/ksJJkvWAei+pkTORwn6
ifMTNigJzQSDu7qufqpts00tqZbmvcZp+Z8HeEjiyaJhPiLXjT0XbcZpUycOBebV
0TfKBLbMbOGIsuUU0D1cdWeScD8nWM7a+dEerwyk1iQq4KiaGoPYA0q4QpsZDNw0
5L34plMtYQQrjwnjMOe+tFGz7F5Yzzz09AiLif9V1mnZTKtB0/w=
=gZJm
-----END PGP SIGNATURE-----
News for package golang-1.26
