[ubuntu/focal-proposed] golang-1.13 1.13.7-1ubuntu1 (Accepted)

Gianfranco Costamagna locutusofborg at debian.org
Sat Feb 1 07:59:17 UTC 2020 

golang-1.13 (1.13.7-1ubuntu1) focal; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - cherry-pick upstream build fixes from 1.14 branch
    - debian/patches/d3595f71712ce1b322f754ef985005e87fac6d44.patch:
    - debian/patches/5d548f1243df8d586a03df085b40299f1e427fb1.patch:

golang-1.13 (1.13.7-1) unstable; urgency=medium

  * New upstream version 1.13.7
    - cryptobyte: fix panic due to malformed ASN.1 inputs on 32-bit archs.
      When int is 32 bits wide (on 32-bit architectures like 386 and arm),
      an overflow could occur, causing a panic, due to malformed ASN.1
      being passed to any of the ASN1 methods of String.
      This fixes CVE-2020-7919 and was found thanks to the
      Project Wycheproof test vectors.
  * Update upstream's signing key

Date: Sat, 01 Feb 2020 08:58:30 +0100
Changed-By: Gianfranco Costamagna <locutusofborg at debian.org>
Maintainer: Go Compiler Team <team+go-compiler at tracker.debian.org>
https://launchpad.net/ubuntu/+source/golang-1.13/1.13.7-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 01 Feb 2020 08:58:30 +0100
Source: golang-1.13
Binary: golang-1.13-go golang-1.13-src golang-1.13-doc golang-1.13
Architecture: source
Version: 1.13.7-1ubuntu1
Distribution: focal
Urgency: medium
Maintainer: Go Compiler Team <team+go-compiler at tracker.debian.org>
Changed-By: Gianfranco Costamagna <locutusofborg at debian.org>
Description:
 golang-1.13 - Go programming language compiler - metapackage
 golang-1.13-doc - Go programming language - documentation
 golang-1.13-go - Go programming language compiler, linker, compiled stdlib
 golang-1.13-src - Go programming language - source files
Changes:
 golang-1.13 (1.13.7-1ubuntu1) focal; urgency=low
 .
   * Merge from Debian unstable.  Remaining changes:
     - cherry-pick upstream build fixes from 1.14 branch
     - debian/patches/d3595f71712ce1b322f754ef985005e87fac6d44.patch:
     - debian/patches/5d548f1243df8d586a03df085b40299f1e427fb1.patch:
 .
 golang-1.13 (1.13.7-1) unstable; urgency=medium
 .
   * New upstream version 1.13.7
     - cryptobyte: fix panic due to malformed ASN.1 inputs on 32-bit archs.
       When int is 32 bits wide (on 32-bit architectures like 386 and arm),
       an overflow could occur, causing a panic, due to malformed ASN.1
       being passed to any of the ASN1 methods of String.
       This fixes CVE-2020-7919 and was found thanks to the
       Project Wycheproof test vectors.
   * Update upstream's signing key
Checksums-Sha1:
 2d50e85b13c7f1cd864a802397a6b281803fb4a9 2617 golang-1.13_1.13.7-1ubuntu1.dsc
 5656ed6a77e67f30628cd78af8170d85f2fc6fcd 21563722 golang-1.13_1.13.7.orig.tar.gz
 ed1523a0d3ce42b34e56f9b4067199a566bf6a76 37292 golang-1.13_1.13.7-1ubuntu1.debian.tar.xz
 b1933e4549f55662aee0fc2b4d98bd7c1d4233e2 7310 golang-1.13_1.13.7-1ubuntu1_source.buildinfo
Checksums-Sha256:
 908675fed37a4e01c19c1609bb548dcba9174315945d4ee6633fe11df9da53cd 2617 golang-1.13_1.13.7-1ubuntu1.dsc
 ad6d394ebb42b45e8998aca96bd06ebc51fd50ea53954dc2a48ee8c1ac67fd8b 21563722 golang-1.13_1.13.7.orig.tar.gz
 05fef10036fb7e22a9b6b733e8de986d06778bba9f2bcd61d6933af32a1022b0 37292 golang-1.13_1.13.7-1ubuntu1.debian.tar.xz
 9c3666c30cb5cabda7eb789fb97714a92729bdb22a55dab934532fb436ff76bc 7310 golang-1.13_1.13.7-1ubuntu1_source.buildinfo
Files:
 3213193cdccf7a52511d67bdc7d810ff 2617 devel optional golang-1.13_1.13.7-1ubuntu1.dsc
 936cf6ad31c60ad4129d2e468178e6d7 21563722 devel optional golang-1.13_1.13.7.orig.tar.gz
 225890a0aa789bcfb0d6d6a51ad85085 37292 devel optional golang-1.13_1.13.7-1ubuntu1.debian.tar.xz
 d41d31ac5b06a1e7823d899737aac0c8 7310 devel optional golang-1.13_1.13.7-1ubuntu1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEkpeKbhleSSGCX3/w808JdE6fXdkFAl41L7sACgkQ808JdE6f
Xdl4VhAA301SKkt/Lk7IDwQQqWSUI4ZLGLZRr3dPRGTev4aTLJNLSH7zXI2T1aKm
qXVjur7f9Gw4A8+UzJiNG+QvfrjzAF4HJCCNM92Evr5yCiZ0UOm6kZQtxugUYqub
yFtKGwskMjltja8fyF2pU/jFLlobr+IppG40+LJGAC2Ax5dtyFgJqd3EgCo3E9W1
rEvN5xOdr9PLUhUFW7oqlPqVnkqQTuFT/iRpjJ5dtwceIVdWBb9UWiTaj56zSl21
jLAT5mBzwCr+X2MPeoigH65SeiIvuzdV2pEH+4CK2uZex+dFRMR2GzKpCpxVxOjx
PE+MeVn4pyN6A5H9f00ADXreTjQSxM6bCzTP9pBziUThrSpVhj7CR15J+dPs5mnl
JG5O9ZtRkAwxke+d1OC/LX4hwU9lF89qMJm/VgXvqKCKDjunP7GdDAXOspKmAwDs
w+z8OwIgomthl3gQ0m803I52GBg/XdMCQylqYYX4FvPpJnfz/9DtAv3yy/zCe/mA
0Fr7IIzI6V2ZSQxcYu1TG0rj6tHqQ0PVDANzv1iP0H+lLg1wQVXa0W27Kn8h5knf
5mUUE2An+8hcvou6hc9r14QN87+83n+6ZgE2FwmLYO+IvOpXa/y8KhAJa09ZgEJ7
48PMmtcQ7ZSW6mOeOIHd68qFcZIJq4JvMPbcB59hxtYVyZOZXBk=
=DaM0
-----END PGP SIGNATURE-----

More information about the Focal-changes mailing list