[ubuntu/resolute-proposed] golang-github-lucas-clemente-quic-go 0.59.0-2 (Accepted)
Anshul Singh
anshul.singh at canonical.com
Fri Mar 20 07:11:46 UTC 2026
golang-github-lucas-clemente-quic-go (0.59.0-2) unstable; urgency=medium
* Team upload.
* Fix error in d/rules which prevented special handling of Go 1.24
golang-github-lucas-clemente-quic-go (0.59.0-1) unstable; urgency=medium
* Team upload.
* New upstream version 0.59.0
- Refresh patch
- New patch: Disable testing of postquantum handshake.
The tests currently fail due to a wrong CurveID, specifying
a TLS identifier for a key exchange mechanism.
The postQuantum tests expect X25519MLKEM768, but the used
curve is X25519.
- New patch: Disable TestHandshakePacketBuffering for now
- Remove unneeded build dependencies
- Use versioned Build-Depends on golang-github-quic-go-qpack-dev
- Use actual package name of golang-github-marten-seemann-qpack-dev
- Fixes CVE-2025-64702 (Closes: #1122814)
Versions 0.56.0 and below are vulnerable to excessive memory
allocation through quic-go's HTTP/3 client and server
implementations by sending a QPACK-encoded HEADERS frame that
decodes into a large header field section (many unique header
names and/or large values). The implementation builds an
http.Header (used on the http.Request and http.Response,
respectively), while only enforcing limits on the size of the
(QPACK-compressed) HEADERS frame, but not on the decoded header,
leading to memory exhaustion.
This issue is fixed in version 0.57.0.
* Only use GOEXPERIMENT=synctest on Go 1.24 (Closes: #1129117)
* Remove Priority: optional from d/control
* Remove Rules-Requires-Root from d/control
* Update Standards-Version to 4.7.3
Date: 2026-03-03 22:31:25.165537+00:00
Signed-By: Vladimir Petko <vladimir.petko at canonical.com>
https://launchpad.net/ubuntu/+source/golang-github-lucas-clemente-quic-go/0.59.0-2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Resolute-changes
mailing list