golang-1.26 (1.26.1-1) [PTS] [DDPO]

OK: VCS matches the version in the archive

Git: https://salsa.debian.org/go-team/compiler/golang.git -b golang-1.26
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: golang-1.26
Path: debian/changelog
Repo size: 12304384
Browser: https://salsa.debian.org/go-team/compiler/golang/tree/golang-1.26
Last scan: 2026-03-07 17:31:27+00
Next scan: 2026-03-13 13:16:00+00
Merge requests: 1

Debian changelog in Git:

golang-1.26 (1.26.1-1) unstable; urgency=medium

  * Update to 1.26.1 upstream release
    https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk/m/41DopX_WAAAJ
    - CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints
    - CVE-2026-27138: crypto/x509: panic in name constraint checking for
                      malformed certificates
    - CVE-2026-27142: html/template: URLs in meta content attribute actions
                      are not escaped
    - CVE-2026-25679: net/url: reject IPv6 literal not at start of host
    - CVE-2026-27139: os: FileInfo can escape from a Root
  * Drop 0004-Replace-localhostCert-and-localhostKey.patch (obsolete via
    https://github.com/golang/go/commit/c5723195a670a09e64769554163ae12b25839819)

 -- Tianon Gravi <tianon@debian.org>  Fri, 06 Mar 2026 16:41:19 -0800

This branch is even with tag debian/1.26.1-1