Your message dated Sun, 09 Nov 2025 01:19:15 +0000
with message-id <[email protected]>
and subject line Bug#1116584: fixed in golang-github-go-viper-mapstructure
2.4.0-1
has caused the Debian Bug report #1116584,
regarding golang-github-go-viper-mapstructure: CVE-2025-11065
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1116584: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116584
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: golang-github-go-viper-mapstructure
Version: 2.2.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for
golang-github-go-viper-mapstructure.
CVE-2025-11065[0]:
| May Leak Sensitive Information in Logs
FWIW, there is as well an earlier such issue but with no CVE
assignment. So it might simply be best to rebase to 2.4.0 for
forky and unstable.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-11065
https://www.cve.org/CVERecord?id=CVE-2025-11065
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2391829
[2]
https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm
[3]
https://github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39c
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: golang-github-go-viper-mapstructure
Source-Version: 2.4.0-1
Done: Mathias Gibbens <[email protected]>
We believe that the bug you reported is fixed in the latest version of
golang-github-go-viper-mapstructure, which is due to be installed in the Debian
FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mathias Gibbens <[email protected]> (supplier of updated
golang-github-go-viper-mapstructure package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 09 Nov 2025 00:55:27 +0000
Source: golang-github-go-viper-mapstructure
Architecture: source
Version: 2.4.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Mathias Gibbens <[email protected]>
Closes: 1116584
Changes:
golang-github-go-viper-mapstructure (2.4.0-1) unstable; urgency=medium
.
* Team upload
* New upstream release
- Includes fix for CVE-2025-11065 (Closes: #1116584)
* d/control:
- Update Standards-Version to 4.7.2 (no changes needed)
- Drop redundant Rules-Requires-Root
Checksums-Sha1:
c5d89cfd0d322a6f538da383c97587faaa22625b 2362
golang-github-go-viper-mapstructure_2.4.0-1.dsc
3f04a5cd270c283ef0832c65ae8bed19bfbf154d 53347
golang-github-go-viper-mapstructure_2.4.0.orig.tar.gz
97da63fda8b98249130980b972d200defe74906e 3588
golang-github-go-viper-mapstructure_2.4.0-1.debian.tar.xz
22b8d0e17fb862fab539fc6f5e664103b2e7b080 6064
golang-github-go-viper-mapstructure_2.4.0-1_amd64.buildinfo
Checksums-Sha256:
4b1c5e95bea00e7d99e5288016b180686594e98115667ba9cf2a73c8ef6441ae 2362
golang-github-go-viper-mapstructure_2.4.0-1.dsc
f12088bb306c7a9fc01d2d972488ee9b8921d5db0f841d021ad6d1df41774017 53347
golang-github-go-viper-mapstructure_2.4.0.orig.tar.gz
b04e8455cd51b456b106c4c000d3a5fac87dd8ba90b691b1adc4333fd1774f35 3588
golang-github-go-viper-mapstructure_2.4.0-1.debian.tar.xz
4589e1d8550e75d9197264a40cbc5af5f5923fc97226370cd6b4cd3bde56c5cb 6064
golang-github-go-viper-mapstructure_2.4.0-1_amd64.buildinfo
Files:
8e95d4bc74fbf9fa6eed68f470b90ef4 2362 golang optional
golang-github-go-viper-mapstructure_2.4.0-1.dsc
a4784041a90009b059278d30515738e3 53347 golang optional
golang-github-go-viper-mapstructure_2.4.0.orig.tar.gz
1ba257222f5c2379c144613cd44a3029 3588 golang optional
golang-github-go-viper-mapstructure_2.4.0-1.debian.tar.xz
70d4bf42e508bd634b61331b44f6b5fc 6064 golang optional
golang-github-go-viper-mapstructure_2.4.0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCgAwFiEE1Bp60H32xfynSJ8cKe7i1uz0QvkFAmkP5voSHGdpYm1hdEBk
ZWJpYW4ub3JnAAoJECnu4tbs9EL5gAcP/iowxoUlICWdr/+r0rluk5jnZra/jzwf
vjUs8WnEcRUMeXNp5SPA27CFiEYfoDrp4A9nC3wl7s/MCEum5G7mMjwsPYM2RZNy
JlUmjN3Z9Oe+PCccw22USGnIkT0zQdqUS5Whc3ghcGjPeOxKzjbiTT9G6s8E0xUC
WiAv5FXhborzk2PGgmjCXC0VgvSFwfZl57B2v+DNwX7qB9tzNAzB33KsmFyVkWvf
GeXtVOg+vOlLeWvVj+MQHSm8bJK6w7OnLeEpSj7sFC+dCrS3CZwSbR5Nv2PVhkIf
GOcXs4amAYQztOkMISXWoHf4SOBI9um0PQ0jBYtfJLTOgU/df4JLbiK/oFn4Zffi
EqvttlKmsDjeWZD5L59Lozkhbi/qPiXpKWSKli8/rRzZHaxvRnQJqwLU/ZdmdVPV
flKYGGPuYXRqonE8JpP8W7Zo31ZWRHY8UJnHoizVT3qH59R1Xtd7MNDVLHivWJNO
ZD675CIAFTjRcetYMxkrIgkK5MLqfwdNnmt33vdObLSBm1Fs+g+u9ceMbsjUFg+9
eUnQDS7y148QwocfnMCFXUiZ1MQTdx2Y6zyjm1w8zVuRoHMC7ok8jjGJSfA9U13O
O8YMsAsuvgnU6lBV2YckFF+ebWK46lAmpKvqdpBMS5AHRPDqymLs7t/xQhG/WXTr
WEKn1elaCwHX
=fqnU
-----END PGP SIGNATURE-----
pgpklfqNQcCam.pgp
Description: PGP signature
--- End Message ---
