-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 25 Feb 2018 13:31:35 +0530 Source: golang Binary: golang-go golang-src golang-doc golang-dbg golang golang-mode kate-syntax-go vim-syntax-go Architecture: source amd64 all Version: 2:1.0.2-1.1+deb7u3 Distribution: wheezy-security Urgency: high Maintainer: Ondřej Surý <ondrej@debian.org> Changed-By: Abhijith PA <abhijith@disroot.org> Description: golang - Go programming language compiler - metapackage golang-dbg - Go programming language compiler - debug files golang-doc - Go programming language compiler - documentation golang-go - Go programming language compiler golang-mode - Go programming language - mode for GNU Emacs golang-src - Go programming language compiler - source files kate-syntax-go - Go programming language - Kate highlighting syntax files vim-syntax-go - Go programming language - Vim highlighting syntax files Changes: golang (2:1.0.2-1.1+deb7u3) wheezy-security; urgency=high . * Non-maintainer upload by the Debian LTS team. * CVE-2018-7187: "go get" implementation, doesnot validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site. Backported from upstream development branch. Checksums-Sha1: e749c7f74e167b6ffbdf486ca5b55b4a721919d5 2232 golang_1.0.2-1.1+deb7u3.dsc 408bb361df8c34b1bba41383812154e932907526 9676404 golang_1.0.2.orig.tar.gz 0a10cab122392efcb2b82091045ada3291d38bb8 54393 golang_1.0.2-1.1+deb7u3.debian.tar.gz ba2bdcf498071abf580caedbd2743b4dc5585c00 17301450 golang-go_1.0.2-1.1+deb7u3_amd64.deb 2514343d951aa7f2e01291a7540e3c3d1e19caf5 2995328 golang-src_1.0.2-1.1+deb7u3_amd64.deb 229085ac1abe272fa71bb00d938f64c71d6ee0a3 4518874 golang-doc_1.0.2-1.1+deb7u3_all.deb 681546a18b437b81f7dcd1c3db8415a0a38f32a2 2993296 golang-dbg_1.0.2-1.1+deb7u3_amd64.deb 417fc43253ce15ec74dea0efbfd38244029e7931 25626 golang_1.0.2-1.1+deb7u3_all.deb 3e3a1a9b3c57732753cf894dca6059c01ed1fede 35874 golang-mode_1.0.2-1.1+deb7u3_all.deb b789c6c8db0c02382ae9522309edabe2191e826d 26690 kate-syntax-go_1.0.2-1.1+deb7u3_all.deb bca91c28d78ddddca8bbf536a370eab63f0160c3 31124 vim-syntax-go_1.0.2-1.1+deb7u3_all.deb Checksums-Sha256: 3bbd096462bb1ef56dd740c72e702d012a2b65eae42b174f2ac833975b47df5d 2232 golang_1.0.2-1.1+deb7u3.dsc 70fcfb455087c14cc59b7a65c78003fcd1323d73f9b991c1e52db535d6bc95a8 9676404 golang_1.0.2.orig.tar.gz 3bf956694e8b14e2a44348d341baff8f87626652ed37751dc6d66461470e914e 54393 golang_1.0.2-1.1+deb7u3.debian.tar.gz 5bc598b9bbf6ccb3c201ddf0b78942da46e50c9ededf82833dd1f8190d19356e 17301450 golang-go_1.0.2-1.1+deb7u3_amd64.deb 2ac40d8b9f80cc31eb07dc40d49006f76977a440a0a8763a0b8fb38cb26de61d 2995328 golang-src_1.0.2-1.1+deb7u3_amd64.deb 8457eb8e8bf2d5f9eb0d9a40012de652029cf6a652cd95258afa2bac2d3cc073 4518874 golang-doc_1.0.2-1.1+deb7u3_all.deb 1d45b9b68961ef11dbf995a8e2a3465385700784305fc529d744094ee42ec98c 2993296 golang-dbg_1.0.2-1.1+deb7u3_amd64.deb 4c5ee7d4975d037b56d30893a3b41e121c1da67baef8a14e56cdf8b2cd1b80d0 25626 golang_1.0.2-1.1+deb7u3_all.deb a5038fb8a7930c429ea5c03442acc8457abb8a6a805e147c29bcf44f76667f0b 35874 golang-mode_1.0.2-1.1+deb7u3_all.deb c31d312aa1653ecdb15f7d7322b3e8f43da85bbfb05932528cc5c8e707c3a8fc 26690 kate-syntax-go_1.0.2-1.1+deb7u3_all.deb a82c9879a904f7ee019e5b04117d58b789ffd4fb86c593b82d7a931acef507ba 31124 vim-syntax-go_1.0.2-1.1+deb7u3_all.deb Files: b29e29244432ad5dcd32121de6ab6f12 2232 devel optional golang_1.0.2-1.1+deb7u3.dsc 214936598fcfbd4bba61ea13f542077e 9676404 devel optional golang_1.0.2.orig.tar.gz 29553a68ee1fe90b58285e0239fd2106 54393 devel optional golang_1.0.2-1.1+deb7u3.debian.tar.gz 76e3b8c9dfd9e76c0f12839268c2fbdd 17301450 devel optional golang-go_1.0.2-1.1+deb7u3_amd64.deb 6890363415055ec11da12fe78ff1aa0f 2995328 devel optional golang-src_1.0.2-1.1+deb7u3_amd64.deb d24ff8b132af41562017990467857cfc 4518874 doc optional golang-doc_1.0.2-1.1+deb7u3_all.deb 9b31d903053850e30452834f06312815 2993296 debug extra golang-dbg_1.0.2-1.1+deb7u3_amd64.deb f33aea260eb0d8022f85ae2edda3e950 25626 devel optional golang_1.0.2-1.1+deb7u3_all.deb 77545ffc6d05b57dd6b822f372890984 35874 devel optional golang-mode_1.0.2-1.1+deb7u3_all.deb 6a6d9a79e7c185a31ed9a3375f8c58d2 26690 devel optional kate-syntax-go_1.0.2-1.1+deb7u3_all.deb eb1cf75e65a4bd9abaacadfa925194b1 31124 devel optional vim-syntax-go_1.0.2-1.1+deb7u3_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlqS3TwACgkQHpU+J9Qx HlgcqRAAu0lPXBDm8HujpCOUpEta8ZRAdpTaN4nB00fhKPqjH8/bF29UJ+vPN8EE X0qDmHI1a0weo1CvT4JPRzUGzqd/1TjCKfJcQ9+/Xqlr7QJrLJ1WYaEsr4K6B3X+ 5f48iWVzxK/rpgrIHMvBnp5Wc++U9fR8PocrR5z6PQbzWaowM8Devi5L4pq7flEL isWhvQ/RY2b5Q1W6P5XGO4r1nT5vqft10hDoeCUdtsjDh5ga5Bacm/KRmnjFdZbc 7p+gc5/yrZsaj/a3+rnOUHmkDeyXJH/wBboIz349+fWLyW38gdCqeuueHv0uz5/6 NSMPjbnH07p8xDGO0wB4H8y3Fae4soie2tzEEIExsqs/abrr/gg4WZIHvLZhLLgn P1deN36Mm0lFlKSn7bTWK0CtMbvc3osvcqBWqQX2uqlyRPqhmCEwh2oVksKX8s6H s7JcpnI9sNZSQ17MPqzofl8LXD5I2i16nzuUTukLNCx4cwsihUYVHm5dT7yIdJGr U/R9w3HggCuoJxVbPEhMEVptgJA5cnRIQR3d4RjYakwiy52OnTNWz/QyqMpMF5bA BcO0KRphm6Sb6PPDgjWMhYDO92YihkOzaiN+2t0x/9ZJa+/OIkc2lTl71lxqkcN7 ChNP2igMwJmSsVT42slBhfJwl4v3gYLcARtKsgDLJtKN6AMCsRI= =Y8py -----END PGP SIGNATURE-----