Format: 1.8
Date: Fri, 27 Oct 2017 10:47:15 -0400
Source: golang
Binary: golang-go golang-src golang-doc golang-dbg golang golang-mode kate-syntax-go vim-syntax-go
Architecture: source amd64 all
Version: 2:1.0.2-1.1+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Antoine Beaupré <anarcat@debian.org>
Description:
 golang         - Go programming language compiler - metapackage
 golang-dbg     - Go programming language compiler - debug files
 golang-doc     - Go programming language compiler - documentation
 golang-go      - Go programming language compiler
 golang-mode    - Go programming language - mode for GNU Emacs
 golang-src     - Go programming language compiler - source files
 kate-syntax-go - Go programming language - Kate highlighting syntax files
 vim-syntax-go  - Go programming language - Vim highlighting syntax files
Changes:
 golang (2:1.0.2-1.1+deb7u2) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2017-15041: Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get"
     remote command execution. Using custom domains, it is possible to
     arrange things so that example.com/pkg1 points to a Subversion
     repository but example.com/pkg1/pkg2 points to a Git repository. If
     the Subversion repository includes a Git checkout in its pkg2
     directory and some other work is done to ensure the proper ordering
     of operations, "go get" can be tricked into reusing this Git checkout
     for the fetch of code from pkg2. If the Subversion repository's Git
     checkout has malicious commands in .git/hooks/, they will execute on
     the system running "go get."
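
One way to audit a source tree (for example $GOPATH/src) for the layout the CVE-2017-15041 entry describes, a checkout sitting inside another checkout with hooks present in the inner one. This is an added example, not part of this upload or of Go's own fix; the names NestedCheckouts and Finding and the list of metadata directory names are assumptions of the example.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

var vcsDirs = map[string]bool{".git": true, ".svn": true, ".hg": true, ".bzr": true}
type Finding struct { // one checkout nested inside another
	Outer, Inner string   // paths of the two VCS metadata directories
	Hooks        []string // non-sample entries in Inner/hooks (Git's hook directory)
}

// NestedCheckouts (illustrative name) walks root and pairs each VCS metadata
// directory with the metadata directory of a checkout that encloses it.
func NestedCheckouts(root string) (out []Finding, err error) {
	var metas []string // every VCS metadata directory under root
	err = filepath.WalkDir(root, func(p string, d fs.DirEntry, werr error) error {
		if werr == nil && d.IsDir() && vcsDirs[d.Name()] {
			metas = append(metas, p)
			return fs.SkipDir // metadata internals are not source directories
		}
		return werr
	})
	for _, inner := range metas {
		for _, outer := range metas {
			if strings.HasPrefix(filepath.Dir(inner), filepath.Dir(outer)+string(filepath.Separator)) {
				f := Finding{Outer: outer, Inner: inner}
				hooks, _ := os.ReadDir(filepath.Join(inner, "hooks")) // missing for non-Git
				for _, h := range hooks {
					if !strings.HasSuffix(h.Name(), ".sample") {
						f.Hooks = append(f.Hooks, h.Name())
					}
				}
				out = append(out, f)
				break // one enclosing checkout is enough to flag inner
			}
		}
	}
	return out, err
}

func main() { // usage: go run nestedvcs.go <tree>..., for example $GOPATH/src
	for _, tree := range os.Args[1:] {
		findings, err := NestedCheckouts(tree)
		fmt.Printf("%+v err=%v\n", findings, err)
	}
}
```

A finding whose Outer and Inner belong to different version control systems, with a non-empty Hooks list, matches the arrangement in the changelog entry and deserves a manual look before any VCS command is run in that directory.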