[Bug 2015340] Re: Sync golang-1.19 1.19.8-1 (main) from Debian experimental (main)

Graham Inggs 2015340 at bugs.launchpad.net
Wed Apr 5 11:27:19 UTC 2023 

This bug was fixed in the package golang-1.19 - 1.19.8-1
Sponsored for Shengjing Zhu (zhsj)

---------------
golang-1.19 (1.19.8-1) experimental; urgency=medium

  * Team upload
  * New upstream version 1.19.8
    + CVE-2023-24537: go/parser: infinite loop in parsing
    + CVE-2023-24538: html/template: backticks not treated as string delimiters
    + CVE-2023-24534: net/http, net/textproto: denial of service from excessive
      memory allocation
    + CVE-2023-24536: net/http, net/textproto, mime/multipart: denial of
      service from excessive resource consumption

 -- Shengjing Zhu <zhsj at debian.org>  Wed, 05 Apr 2023 02:15:56 +0800

** Changed in: golang-1.19 (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-24534

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-24536

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-24537

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-24538

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to golang-1.19 in Ubuntu.
https://bugs.launchpad.net/bugs/2015340

Title:
  Sync golang-1.19 1.19.8-1 (main) from Debian experimental (main)

Status in golang-1.19 package in Ubuntu:
  Fix Released

Bug description:
  Please sync golang-1.19 1.19.8-1 (main) from Debian experimental
  (main)

  Changelog entries since current lunar version 1.19.7-1:

  golang-1.19 (1.19.8-1) experimental; urgency=medium

    * Team upload
    * New upstream version 1.19.8
      + CVE-2023-24537: go/parser: infinite loop in parsing
      + CVE-2023-24538: html/template: backticks not treated as string delimiters
      + CVE-2023-24534: net/http, net/textproto: denial of service from excessive
        memory allocation
      + CVE-2023-24536: net/http, net/textproto, mime/multipart: denial of
        service from excessive resource consumption

   -- Shengjing Zhu <zhsj at debian.org>  Wed, 05 Apr 2023 02:15:56 +0800

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-1.19/+bug/2015340/+subscriptions

More information about the foundations-bugs mailing list