From: Raspbian automatic forward porter Date: Sun, 22 Nov 2020 00:45:12 +0000 (+0000) Subject: Merge version 1.7.4-2+rpi1 and 1.7.4-2+deb9u2 to produce 1.7.4-2+rpi1+deb9u2 X-Git-Tag: archive/raspbian/1.7.4-2+rpi1+deb9u2^0 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=e001cf7e6aaacb34ad07ca7c261bd7d5f6c9496e;p=golang-1.7.git Merge version 1.7.4-2+rpi1 and 1.7.4-2+deb9u2 to produce 1.7.4-2+rpi1+deb9u2 --- e001cf7e6aaacb34ad07ca7c261bd7d5f6c9496e diff --cc debian/changelog index 1e461a7,d98aa70..97baaa6 --- a/debian/changelog +++ b/debian/changelog @@@ -1,12 -1,23 +1,33 @@@ - golang-1.7 (1.7.4-2+rpi1) stretch-staging; urgency=medium ++golang-1.7 (1.7.4-2+rpi1+deb9u2) stretch-staging; urgency=medium + + [changes brought forward from golang 2:1.5.3-1+rpi1 by Peter Michael Green at Thu, 21 Jan 2016 20:49:39 +0000] + * Force build for armv6. + + [changes introduced in golang 2:1.6.1-2+rpi1 by Peter Michael Green] + * Disable testsuite. + - -- Raspbian forward porter Wed, 26 Apr 2017 20:36:28 +0000 ++ -- Raspbian forward porter Sun, 22 Nov 2020 00:45:11 +0000 ++ + golang-1.7 (1.7.4-2+deb9u2) stretch-security; urgency=high + + * Non-maintainer upload by the LTS Team. + * CVE-2020-15586 + Using the 100-continue in HTTP headers received by a net/http/Server + can lead to a data race involving the connection's buffered writer. + * CVE-2020-16845 + Certain invalid inputs to ReadUvarint or ReadVarint could cause those + functions to read an unlimited number of bytes from the ByteReader + argument before returning an error. + + -- Thorsten Alteholz Fri, 20 Nov 2020 17:03:02 +0100 + + golang-1.7 (1.7.4-2+deb9u1) stretch-security; urgency=high + + * Team upload. + * Add patch to fix CVE-2019-6486 + * Add patch to fix CVE-2018-7187 + + -- Dr. Tobias Quathamer Mon, 28 Jan 2019 22:24:55 +0100 golang-1.7 (1.7.4-2) unstable; urgency=medium