-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 25 Jun 2026 13:57:17 +0200 Source: gopls Architecture: source Version: 2:0.22.0+ds-1 Distribution: unstable Urgency: medium Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org> Changed-By: Dr. Tobias Quathamer <toddy@debian.org> Closes: 1138256 Changes: gopls (2:0.22.0+ds-1) unstable; urgency=medium . * Team upload. * New upstream version 0.22.0+ds - Refresh patches - New Build-Depends: golang-1.26, golang-github-segmentio-encoding-dev, golang-golang-x-oauth2-dev - Update copy of modelcontextprotocol/go-sdk to v1.6.1 - CVE-2026-42503 (Closes: #1138256): gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This can allow a malicious party on the same network to execute code arbitrarily via gopls. * Update Standards-Version to 4.7.4, no changes needed Checksums-Sha1: 5d54b5f5a0dc53891ef362af1c0bf2987853ca66 2682 gopls_0.22.0+ds-1.dsc 763f388dfdd11f96d214e81ce003439c6a74788e 7417184 gopls_0.22.0+ds.orig.tar.xz 1d2215912a506ac01deee338f49a536fac98c3e7 331948 gopls_0.22.0+ds-1.debian.tar.xz ba6fbbd8f4d4a8fa2b475a4999092b45e341b5e3 7188 gopls_0.22.0+ds-1_amd64.buildinfo Checksums-Sha256: fdae7cdecf99c2c4165fce6c9ab3f553895de67e2d933a6e23a7717852b50ffa 2682 gopls_0.22.0+ds-1.dsc cd58bfae8c92d3777172d52f0b7b17f9f872213219bdd29dd2babca3b4092aff 7417184 gopls_0.22.0+ds.orig.tar.xz b443f31114357ee449ffc8e095afc9677bdf55bda6ad47259867c22db908813e 331948 gopls_0.22.0+ds-1.debian.tar.xz b3857b5e7d29e88ec7b547aa724632df7bdea8843e377e2151582cd2c7ee224b 7188 gopls_0.22.0+ds-1_amd64.buildinfo Files: 91a6acef23133d4bc4d1d3b48ce848d8 2682 golang optional gopls_0.22.0+ds-1.dsc 49b5d073210f8fc72f54db68958b3f3d 7417184 golang optional gopls_0.22.0+ds.orig.tar.xz 03240fadc79d5f09e3682be002dd6b4b 331948 golang optional gopls_0.22.0+ds-1.debian.tar.xz d70bfa24ceafc5346835d58e92ed3a10 7188 golang optional gopls_0.22.0+ds-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0cuPObxd7STF0seMEwLx8Dbr6xkFAmo9GFYACgkQEwLx8Dbr 6xk7VQ/+IJvO2jiqLspligwq9aCRRx9S5goycdwzN7YFdz1/broybpIkNf9y8toG X7qIYA5KfrDAsLIqCyxX6R9jaz4qULsi4PUf68KzSPY+NHt/CtjIhEqw7O4PKs+i C3jx277ytWndJ+hotWpRDRs7oBluY4dNl/Ro3/F+YHP5JLWl+Ov/fnp19/Vz69d5 I3bylzXrVudDH3YKaU4sHPzIGMEirS8gRSXfUIB8dRzHP9lXKqTA3i+JuDNJJ+ce Nb2+9A0Twh3/poWm3EOd7moTzuvdIIBto/VLWmTagezOcRUJOu519yf8z99MetRC YzcBkh3r+pBlzICbJ519W/rT8bN7rsqLoBX7k+Me85qD1aphyVZ5gFaIm9rwHona uUiMpq4ncog6SyzLvBVDGn4J/LandN2zuK4aVPSdbGOBv942fQDE8GB1TbSFzVZ5 DpNpju6pRgiT8QM83tDTDNWHr1rDlLTVaL7jKu1Gej0I95pY9/Jw/SERpP5FrLTv 6oPcPK1CIG71OoGqTsPX50DFLmC/KC437RioOQCJTE+437l3duX1nC0sQpvcOhbY S4aJ/ml0190iXqnDgSSkimkPum38i4ApWyB7tAReOTdaxguZ91UQKvEUqNGNfXw3 wqeid0JNlwkACyLz1uOQpVQ4ilPeZly+rHr63/rJ23FLXKkNhHk= =AyDJ -----END PGP SIGNATURE-----
