[Bug 2056310] [NEW] Sync golang-1.22 1.22.1-1 (main) from Debian unstable (main)

Shengjing Zhu 2056310 at bugs.launchpad.net
Wed Mar 6 10:55:19 UTC 2024 

Public bug reported:

Please sync golang-1.22 1.22.1-1 (main) from Debian unstable (main)

Changelog entries since current noble version 1.22.0-2:

golang-1.22 (1.22.1-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.22.1
    + CVE-2024-24783: crypto/x509: Verify panics on certificates with an
      unknown public key algorithm
    + CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm
    + CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of
      sensitive headers and cookies on HTTP redirect
    + CVE-2024-24785: html/template: errors returned from MarshalJSON methods
      may break template escaping
    + CVE-2024-24784: net/mail: comments in display names are incorrectly
      handled
  * Update upstream signing key
  * Backport patch to fix external link on riscv64 (Closes: #1065368)

 -- Shengjing Zhu <zhsj at debian.org>  Wed, 06 Mar 2024 15:09:10 +0800

** Affects: golang-1.22 (Ubuntu)
     Importance: Wishlist
         Status: New

** Changed in: golang-1.22 (Ubuntu)
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to golang-1.22 in Ubuntu.
https://bugs.launchpad.net/bugs/2056310

Title:
  Sync golang-1.22 1.22.1-1 (main) from Debian unstable (main)

Status in golang-1.22 package in Ubuntu:
  New

Bug description:
  Please sync golang-1.22 1.22.1-1 (main) from Debian unstable (main)

  Changelog entries since current noble version 1.22.0-2:

  golang-1.22 (1.22.1-1) unstable; urgency=medium

    * Team upload
    * New upstream version 1.22.1
      + CVE-2024-24783: crypto/x509: Verify panics on certificates with an
        unknown public key algorithm
      + CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm
      + CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of
        sensitive headers and cookies on HTTP redirect
      + CVE-2024-24785: html/template: errors returned from MarshalJSON methods
        may break template escaping
      + CVE-2024-24784: net/mail: comments in display names are incorrectly
        handled
    * Update upstream signing key
    * Backport patch to fix external link on riscv64 (Closes: #1065368)

   -- Shengjing Zhu <zhsj at debian.org>  Wed, 06 Mar 2024 15:09:10 +0800

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-1.22/+bug/2056310/+subscriptions

More information about the foundations-bugs mailing list