[Bug 2034690] [NEW] Sync golang-1.21 1.21.1-1 (main) from Debian unstable (main)

Shengjing Zhu 2034690 at bugs.launchpad.net
Thu Sep 7 10:47:30 UTC 2023 

Public bug reported:

Please sync golang-1.21 1.21.1-1 (main) from Debian unstable (main)

Changelog entries since current mantic version 1.21.0-1:

golang-1.21 (1.21.1-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.1
    + CVE-2023-39320: cmd/go: go.mod toolchain directive allows arbitrary
      execution
    + CVE-2023-39318: html/template: improper handling of HTML-like comments
      within script contexts
    + CVE-2023-39319: html/template: improper handling of special tags within
      script contexts
    + CVE-2023-39321/CVE-2023-39322: crypto/tls: panic when processing
      post-handshake message on QUIC connections

 -- Shengjing Zhu <zhsj at debian.org>  Thu, 07 Sep 2023 11:51:55 +0800

** Affects: golang-1.21 (Ubuntu)
     Importance: Wishlist
         Status: New

** Changed in: golang-1.21 (Ubuntu)
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to golang-1.21 in Ubuntu.
https://bugs.launchpad.net/bugs/2034690

Title:
  Sync golang-1.21 1.21.1-1 (main) from Debian unstable (main)

Status in golang-1.21 package in Ubuntu:
  New

Bug description:
  Please sync golang-1.21 1.21.1-1 (main) from Debian unstable (main)

  Changelog entries since current mantic version 1.21.0-1:

  golang-1.21 (1.21.1-1) unstable; urgency=medium

    * Team upload
    * New upstream version 1.21.1
      + CVE-2023-39320: cmd/go: go.mod toolchain directive allows arbitrary
        execution
      + CVE-2023-39318: html/template: improper handling of HTML-like comments
        within script contexts
      + CVE-2023-39319: html/template: improper handling of special tags within
        script contexts
      + CVE-2023-39321/CVE-2023-39322: crypto/tls: panic when processing
        post-handshake message on QUIC connections

   -- Shengjing Zhu <zhsj at debian.org>  Thu, 07 Sep 2023 11:51:55 +0800

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-1.21/+bug/2034690/+subscriptions

More information about the foundations-bugs mailing list