[Bug 2056309] [NEW] Sync golang-1.21 1.21.8-1 (main) from Debian unstable (main)

Shengjing Zhu 2056309 at bugs.launchpad.net
Wed Mar 6 10:54:10 UTC 2024 

Public bug reported:

Please sync golang-1.21 1.21.8-1 (main) from Debian unstable (main)

Changelog entries since current noble version 1.21.7-2:

golang-1.21 (1.21.8-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.8
    + CVE-2024-24783: crypto/x509: Verify panics on certificates with an
      unknown public key algorithm
    + CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm
    + CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of
      sensitive headers and cookies on HTTP redirect
    + CVE-2024-24785: html/template: errors returned from MarshalJSON methods
      may break template escaping
    + CVE-2024-24784: net/mail: comments in display names are incorrectly
      handled
  * Update upstream signing key

 -- Shengjing Zhu <zhsj at debian.org>  Wed, 06 Mar 2024 15:14:10 +0800

** Affects: golang-1.21 (Ubuntu)
     Importance: Wishlist
         Status: New

** Changed in: golang-1.21 (Ubuntu)
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to golang-1.21 in Ubuntu.
https://bugs.launchpad.net/bugs/2056309

Title:
  Sync golang-1.21 1.21.8-1 (main) from Debian unstable (main)

Status in golang-1.21 package in Ubuntu:
  New

Bug description:
  Please sync golang-1.21 1.21.8-1 (main) from Debian unstable (main)

  Changelog entries since current noble version 1.21.7-2:

  golang-1.21 (1.21.8-1) unstable; urgency=medium

    * Team upload
    * New upstream version 1.21.8
      + CVE-2024-24783: crypto/x509: Verify panics on certificates with an
        unknown public key algorithm
      + CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm
      + CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of
        sensitive headers and cookies on HTTP redirect
      + CVE-2024-24785: html/template: errors returned from MarshalJSON methods
        may break template escaping
      + CVE-2024-24784: net/mail: comments in display names are incorrectly
        handled
    * Update upstream signing key

   -- Shengjing Zhu <zhsj at debian.org>  Wed, 06 Mar 2024 15:14:10 +0800

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-1.21/+bug/2056309/+subscriptions

More information about the foundations-bugs mailing list