[Bug 2056309] Re: Sync golang-1.21 1.21.8-1 (main) from Debian unstable (main)

Graham Inggs 2056309 at bugs.launchpad.net
Fri Mar 8 12:28:11 UTC 2024 

This bug was fixed in the package golang-1.21 - 1.21.8-1
Sponsored for Shengjing Zhu (zhsj)

---------------
golang-1.21 (1.21.8-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.8
    + CVE-2024-24783: crypto/x509: Verify panics on certificates with an
      unknown public key algorithm
    + CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm
    + CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of
      sensitive headers and cookies on HTTP redirect
    + CVE-2024-24785: html/template: errors returned from MarshalJSON methods
      may break template escaping
    + CVE-2024-24784: net/mail: comments in display names are incorrectly
      handled
  * Update upstream signing key

 -- Shengjing Zhu <zhsj at debian.org>  Wed, 06 Mar 2024 15:14:10 +0800

** Changed in: golang-1.21 (Ubuntu)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-45289

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-45290

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-24783

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-24784

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-24785

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2056309

Title:
  Sync golang-1.21 1.21.8-1 (main) from Debian unstable (main)

Status in golang-1.21 package in Ubuntu:
  Fix Released

Bug description:
  Please sync golang-1.21 1.21.8-1 (main) from Debian unstable (main)

  Changelog entries since current noble version 1.21.7-2:

  golang-1.21 (1.21.8-1) unstable; urgency=medium

    * Team upload
    * New upstream version 1.21.8
      + CVE-2024-24783: crypto/x509: Verify panics on certificates with an
        unknown public key algorithm
      + CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm
      + CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of
        sensitive headers and cookies on HTTP redirect
      + CVE-2024-24785: html/template: errors returned from MarshalJSON methods
        may break template escaping
      + CVE-2024-24784: net/mail: comments in display names are incorrectly
        handled
    * Update upstream signing key

   -- Shengjing Zhu <zhsj at debian.org>  Wed, 06 Mar 2024 15:14:10 +0800

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-1.21/+bug/2056309/+subscriptions

More information about the Ubuntu-sponsors mailing list