From: Raspbian automatic forward porter <root@raspbian.org>
Date: Tue, 15 Nov 2022 10:38:06 +0000 (+0000)
Subject: Merge version 1.18.7-1+rpi1 and 1.18.8-1 to produce 1.18.8-1+rpi1
X-Git-Tag: archive/raspbian/1.18.8-1+rpi1^0
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=ad1006d2065d19b14b82ab8d50b94ce8a981c044;p=golang-1.18.git

Merge version 1.18.7-1+rpi1 and 1.18.8-1 to produce 1.18.8-1+rpi1
---

ad1006d2065d19b14b82ab8d50b94ce8a981c044
diff --cc debian/changelog
index a06a1fa9,634181cd..f16491a4
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,9 -1,13 +1,20 @@@
- golang-1.18 (1.18.7-1+rpi1) bookworm-staging; urgency=medium
++golang-1.18 (1.18.8-1+rpi1) bookworm-staging; urgency=medium
 +
 +  [changes brought forward from 1.18.4-2+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Tue, 09 Aug 2022 16:49:03 +0000]
 +  * Disable testsuite.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Fri, 14 Oct 2022 20:00:41 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Tue, 15 Nov 2022 10:38:05 +0000
++
+ golang-1.18 (1.18.8-1) unstable; urgency=medium
+ 
+   * New upstream version 1.18.8
+     + CVE-2022-41716: syscall, os/exec: unsanitized NUL in environment variables
+       On Windows, syscall.StartProcess and os/exec.Cmd did not properly check
+       for invalid environment variable values. A malicious environment variable
+       value could exploit this behavior to set a value for a different
+       environment variable.
+ 
+  -- William 'jawn-smith' Wilson <jawn-smith@ubuntu.com>  Thu, 03 Nov 2022 08:20:54 -0500
  
  golang-1.18 (1.18.7-1) unstable; urgency=medium