- golang-1.7 (1.7.4-2+rpi1+deb9u3) stretch-staging; urgency=medium
++golang-1.7 (1.7.4-2+rpi1+deb9u4) stretch-staging; urgency=medium
+
+ [changes brought forward from golang 2:1.5.3-1+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Thu, 21 Jan 2016 20:49:39 +0000]
+ * Force build for armv6.
+
+ [changes introduced in golang 2:1.6.1-2+rpi1 by Peter Michael Green]
+ * Disable testsuite.
+
- -- Raspbian forward porter <root@raspbian.org> Tue, 16 Mar 2021 16:13:07 +0000
++ -- Raspbian forward porter <root@raspbian.org> Tue, 25 Jan 2022 21:48:13 +0000
++
+ golang-1.7 (1.7.4-2+deb9u4) stretch-security; urgency=high
+
+ * Non-maintainer upload by the LTS Security Team.
+ * CVE-2021-36221: Go has a race condition that can lead to a
+ net/http/httputil ReverseProxy panic upon an ErrAbortHandler
+ abort. (Closes: #991961)
+ * CVE-2021-33196: in archive/zip, a crafted file count (in an archive's
+ header) can cause a NewReader or OpenReader panic. (Closes: #989492)
+ * CVE-2021-39293: follow-up fix to CVE-2021-33196
+ * CVE-2021-41771: ImportedSymbols in debug/macho (for Open or OpenFat)
+ accesses a Memory Location After the End of a Buffer, aka an
+ out-of-bounds slice situation.
+ * CVE-2021-44716: net/http allows uncontrolled memory consumption in the
+ header canonicalization cache via HTTP/2 requests.
+ * CVE-2021-44717: Go on UNIX allows write operations to an unintended
+ file or unintended network connection as a consequence of erroneous
+ closing of file descriptor 0 after file-descriptor exhaustion.
+
+ -- Sylvain Beucler <beuc@debian.org> Fri, 21 Jan 2022 19:45:18 +0100
golang-1.7 (1.7.4-2+deb9u3) stretch-security; urgency=high
projects / golang-1.7.git / commitdiff