: VCS has seen 1 commit since the debian/1.17.1-1 tag
- Git: https://salsa.debian.org/go-team/compiler/golang.git -b golang-1.17
- Branch: golang-1.17
- Path: debian/changelog
- Browser: https://salsa.debian.org/go-team/compiler/golang/tree/golang-1.17
- Last scan: 2021-09-19 09:23:25+00
- Next scan: 2021-09-25 19:11:00+00
- Debian changelog in Git:
golang-1.17 (1.17.1-1) unstable; urgency=high
* New upstream version 1.17.1
+ CVE-2021-39293: security fix to the archive/zip package
The fix for CVE-2021-33196 can be bypassed by crafted inputs.
As a result, the NewReader and OpenReader functions in archive/zip
can still cause a panic or an unrecoverable fatal error when reading
an archive that claims to contain a large number of files,
regardless of its actual size.
Thanks to the OSS-Fuzz project for discovering this issue
and to Emmanuel Odeke for reporting it.
+ bug fixes to the archive/zip, go/internal/gccgoimporter,
html/template, net/http, and runtime/pprof packages
* Re-add "Multi-Arch: foreign" hint
* Rename Maintainer from "Go Compiler Team" to "Debian Go Compiler Team"
* Bump Standards-Version to 4.6.0 (no change)
-- Anthony Fok <email@example.com> Fri, 10 Sep 2021 18:01:21 -0600
- This branch is 1 commit ahead of tag debian/1.17.1-1
- Git log:
Author: Anthony Fok <firstname.lastname@example.org>
Date: Fri Sep 10 18:33:24 2021 -0600
Fix Lintian warning: tab-in-license-text
debian/copyright (starting at line 366)