From: Sylvain Beucler <beuc@debian.org>
Date: Tue, 26 Apr 2022 17:32:45 +0000 (+0100)
Subject: golang-1.7 (1.7.4-2+deb9u5) stretch-security; urgency=high
X-Git-Tag: archive/raspbian/1.7.4-2+rpi1+deb9u5^2~22
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=ff1172b7d623a286e6b0da76fbbfcc0b32f8cf47;p=golang-1.7.git

golang-1.7 (1.7.4-2+deb9u5) stretch-security; urgency=high

  * Non-maintainer upload by the LTS Security Team.
  * CVE-2022-23772: Rat.SetString in math/big has an overflow that can
    lead to Uncontrolled Memory Consumption.
  * CVE-2022-23806: Curve.IsOnCurve in crypto/elliptic can incorrectly
    return true in situations with a big.Int value that is not a valid
    field element.
  * CVE-2022-24921: regexp.Compile allows stack exhaustion via a deeply
    nested expression.

[dgit import unpatched golang-1.7 1.7.4-2+deb9u5]
---

ff1172b7d623a286e6b0da76fbbfcc0b32f8cf47