Debian Package Tracker

general

source: golang-1.11 (updates)
version: 1.11.6-1+deb10u3
maintainer: Go Compiler Team (DMD)
uploaders: Michael Hudson-Doyle [DMD] – Dr. Tobias Quathamer [DMD] – Michael Stapelberg [DMD] – Tianon Gravi [DMD] – Paul Tagliamonte [DMD]
arch: all amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64 ppc64el s390x
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

old-bpo: 1.11.5-1~bpo9+1
stable: 1.11.6-1+deb10u3
stable-sec: 1.11.6-1+deb10u3

versioned links

1.11.5-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.11.6-1+deb10u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

golang-1.11
golang-1.11-doc
golang-1.11-go
golang-1.11-src

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

A new upstream version is available: 1.11.13 high

A new upstream version 1.11.13 is available, you should consider packaging it.

Created: 2020-06-29 Last update: 2021-01-21 18:01

10 security issues in buster high

There are 10 open security issues in buster.

6 important issues:

CVE-2020-28362: Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
CVE-2020-28366: Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection.
CVE-2020-28367: Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection.
CVE-2020-29509: The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
CVE-2020-29510: The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
CVE-2020-29511: The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

4 issues skipped by the security teams:

CVE-2020-15586: Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
CVE-2020-16845: Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
CVE-2020-24553: Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.
CVE-2020-7919: Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.

Please fix them.

Created: 2020-01-31 Last update: 2020-12-18 10:35

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.11.13-1, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Created: 2019-08-25 Last update: 2021-01-14 16:04

news

[rss feed]

[2019-10-29] Accepted golang-1.11 1.11.6-1+deb10u3 (source) into proposed-updates->stable-new, proposed-updates (Dr. Tobias Quathamer)
[2019-10-25] Accepted golang-1.11 1.11.6-1+deb10u3 (source) into stable->embargoed, stable (Dr. Tobias Quathamer)
[2019-09-28] Accepted golang-1.11 1.11.6-1+deb10u2 (source) into proposed-updates->stable-new, proposed-updates (Dr. Tobias Quathamer)
[2019-09-27] Accepted golang-1.11 1.11.6-1+deb10u2 (source) into stable->embargoed, stable (Dr. Tobias Quathamer)
[2019-08-26] golang-1.11 REMOVED from testing (Debian testing watch)
[2019-08-25] Removed 1.11.13-1 from unstable (Debian FTP Masters)
[2019-08-25] golang-1.11 1.11.13-1 MIGRATED to testing (Debian testing watch)
[2019-08-21] Accepted golang-1.11 1.11.6-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Dr. Tobias Quathamer)
[2019-08-18] Accepted golang-1.11 1.11.6-1+deb10u1 (source) into stable->embargoed, stable (Dr. Tobias Quathamer)
[2019-08-15] Accepted golang-1.11 1.11.13-1 (source) into unstable (Dr. Tobias Quathamer)
[2019-08-13] Accepted golang-1.11 1.11.12-4 (source) into unstable (Anthony Fok)
[2019-08-10] Accepted golang-1.11 1.11.12-3 (source all amd64) into unstable (Anthony Fok)
[2019-07-15] Accepted golang-1.11 1.11.12-2 (source) into unstable (Dr. Tobias Quathamer)
[2019-07-09] Accepted golang-1.11 1.11.12-1 (source) into unstable (Dr. Tobias Quathamer)
[2019-03-28] golang-1.11 1.11.6-1 MIGRATED to testing (Debian testing watch)
[2019-03-17] Accepted golang-1.11 1.11.6-1 (source) into unstable (Michael Hudson-Doyle)
[2019-01-29] Accepted golang-1.11 1.11.5-1~bpo9+1 (all amd64 source) into stretch-backports (Dr. Tobias Quathamer)
[2019-01-26] golang-1.11 1.11.5-1 MIGRATED to testing (Debian testing watch)
[2019-01-24] Accepted golang-1.11 1.11.5-1 (source) into unstable (Michael Stapelberg)
[2019-01-11] Accepted golang-1.11 1.11.4-4~bpo9+1 (all amd64 source) into stretch-backports, stretch-backports (Dr. Tobias Quathamer)
[2019-01-03] golang-1.11 1.11.4-4 MIGRATED to testing (Debian testing watch)
[2018-12-28] Accepted golang-1.11 1.11.4-4 (source) into unstable (Anthony Fok)
[2018-12-26] Accepted golang-1.11 1.11.4-3 (source) into unstable (Anthony Fok)
[2018-12-23] Accepted golang-1.11 1.11.4-2 (source) into unstable (Dr. Tobias Quathamer)
[2018-12-16] Accepted golang-1.11 1.11.4-1 (source) into unstable (Dr. Tobias Quathamer)
[2018-12-13] Accepted golang-1.11 1.11.3-1 (source) into unstable (Dr. Tobias Quathamer)
[2018-12-01] golang-1.11 1.11.2-2 MIGRATED to testing (Debian testing watch)
[2018-11-26] Accepted golang-1.11 1.11.2-2 (source) into unstable (Michael Hudson-Doyle)
[2018-11-23] Accepted golang-1.11 1.11.2-1 (source all amd64) into unstable, unstable (Dr. Tobias Quathamer)

bugs [bug history graph]

all: 0

links

homepage
buildd: logs, clang, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots