golang-github-dvsekhvalnov-jose2go - Debian Package Tracker

general

source: golang-github-dvsekhvalnov-jose2go (main)
version: 1.5-1
maintainer: Debian Go Packaging Team (DMD)
uploaders: Tianon Gravi [DMD]
arch: all
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.3-1
oldstable: 1.5-1
stable: 1.5-1
testing: 1.5-1
unstable: 1.5-1

versioned links

1.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.5-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

golang-github-dvsekhvalnov-jose2go-dev

action needed

A new upstream version is available: 1.7.0 high

A new upstream version 1.7.0 is available, you should consider packaging it.

Created: 2021-02-01 Last update: 2024-11-08 22:01

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2023-50658: The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

Created: 2023-12-27 Last update: 2024-08-15 08:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2023-50658: The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

Created: 2023-12-27 Last update: 2024-08-15 08:30

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.5-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit d412246988aad0b492486cc7df744e60812aa6db
Author: Tianon Gravi <tianon@debian.org>
Date:   Wed Feb 23 12:26:44 2022 -0800

    Remove self from Uploaders

commit a13317e273fda6fb0fcafa1c5d5159165f8285f5
Merge: 770ac61 3a5be93
Author: Jelmer Vernooĳ <jelmer@debian.org>
Date:   Thu Feb 17 18:58:57 2022 +0000

    Merge branch 'lintian-fixes' into 'master'
    
    Fix some issues reported by lintian
    
    See merge request go-team/packages/golang-github-dvsekhvalnov-jose2go!3

commit 3a5be93f97c5befebf207ac2455b03888d54644f
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Wed Feb 2 16:57:04 2022 +0000

    Update standards version to 4.6.0, no changes needed.
    
    Changes-By: lintian-brush
    Fixes: lintian: out-of-date-standards-version
    See-also: https://lintian.debian.org/tags/out-of-date-standards-version.html

commit 9ec7fdb27c26ae4a9d8d5cf77849b01cf08e0d86
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Wed Feb 2 16:57:04 2022 +0000

    Set upstream metadata fields: Bug-Database, Bug-Submit.
    
    Changes-By: lintian-brush
    Fixes: lintian: upstream-metadata-missing-bug-tracking
    See-also: https://lintian.debian.org/tags/upstream-metadata-missing-bug-tracking.html

commit 770ac61aa0f47b2cfb2c5beb9d40eb6e68d06030
Author: Aloïs Micard <creekorful@debian.org>
Date:   Wed Dec 1 11:58:45 2021 +0000

    [skip ci] update debian/gitlab-ci.yml (using pkg-go-tools/ci-config)
    
    See: https://salsa.debian.org/go-team/infra/pkg-go-tools
    Gbp-Dch: Ignore

commit 4db69bf735e4e25c16cafae1cf6e32767ac86ba8
Merge: a4e417a b009304
Author: Jelmer Vernooĳ <jelmer@debian.org>
Date:   Thu Sep 30 00:11:15 2021 +0000

    Merge branch 'lintian-fixes' into 'master'
    
    Set upstream metadata fields: Repository, Repository-Browse
    
    See merge request go-team/packages/golang-github-dvsekhvalnov-jose2go!2

commit b0093042ce6d09ecc1ea32fba23bda75a1d015a9
Author: Jenkins <jenkins@jenkins.debian.net>
Date:   Fri Sep 24 04:40:43 2021 +0000

    Set upstream metadata fields: Repository, Repository-Browse.
    
    Changes-By: lintian-brush
    Fixes: lintian: upstream-metadata-file-is-missing
    See-also: https://lintian.debian.org/tags/upstream-metadata-file-is-missing.html
    Fixes: lintian: upstream-metadata-missing-repository
    See-also: https://lintian.debian.org/tags/upstream-metadata-missing-repository.html

Created: 2021-09-30 Last update: 2024-11-08 08:05

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2023-50658: (needs triaging) The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-12-27 Last update: 2024-08-15 08:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.0 instead of 4.5.1).

Created: 2021-08-18 Last update: 2024-04-07 13:14

news

[rss feed]

[2021-01-31] golang-github-dvsekhvalnov-jose2go 1.5-1 MIGRATED to testing (Debian testing watch)
[2021-01-28] Accepted golang-github-dvsekhvalnov-jose2go 1.5-1 (source) into unstable (Shengjing Zhu)
[2018-04-28] golang-github-dvsekhvalnov-jose2go 1.3-1 MIGRATED to testing (Debian testing watch)
[2018-04-22] Accepted golang-github-dvsekhvalnov-jose2go 1.3-1 (source) into unstable (Alexandre Viau)
[2015-10-25] golang-github-dvsekhvalnov-jose2go 1.2-1 MIGRATED to testing (Britney)
[2015-10-19] Accepted golang-github-dvsekhvalnov-jose2go 1.2-1 (source) into unstable (Tianon Gravi) (signed by: Andrew Page)
[2015-10-17] golang-github-dvsekhvalnov-jose2go 1.1-1 MIGRATED to testing (Britney)
[2015-10-11] Accepted golang-github-dvsekhvalnov-jose2go 1.1-1 (source all) into unstable, unstable (Tianon Gravi) (signed by: Andrew Page)

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.5-1