Bug#993318: bullseye-pu: package golang-1.15/1.15.15-1~deb11u1

Sat, 11 Sep 2021 03:09:23 -0700 

On Tue, Aug 31, 2021 at 01:30:13AM +0800, Shengjing Zhu wrote:
> 
> Changelog:
> 
> diff -Nru golang-1.15-1.15.9/debian/changelog 
> golang-1.15-1.15.15/debian/changelog
> --- golang-1.15-1.15.9/debian/changelog       2021-07-13 13:55:42.000000000 
> +0800
> +++ golang-1.15-1.15.15/debian/changelog      2021-08-31 00:37:05.000000000 
> +0800
> @@ -1,3 +1,23 @@
> +golang-1.15 (1.15.15-1~deb11u1) bullseye; urgency=medium
> +
> +  * Team upload.
> +  * Rebuild 1.15.15 for bullseye.
> +    Fix CVE-2021-36221: net/http: panic due to racy read of persistConn
> +    after handler panic (Closes: #991961)
> +
> + -- Shengjing Zhu <z...@debian.org>  Tue, 31 Aug 2021 00:37:05 +0800
> +
> +golang-1.15 (1.15.15-1) unstable; urgency=medium
> +
> +  * Team upload.
> +  * New upstream version 1.15.15
> +  * Remove security patches which were previously backported
> +    for 1.15.9 but are already in 1.15.15
> +  * Update Standards-Version to 4.5.1, no changes needed
> +  * Change Section from devel to golang
> +
> + -- Anthony Fok <f...@debian.org>  Sun, 15 Aug 2021 16:44:15 -0600
> +
>  golang-1.15 (1.15.9-6) unstable; urgency=medium
>  
>    * Team upload.
> 

Since a new CVE is published for go compiler, I have backported to this version 
as well.
The new changes are:

diff -Nru golang-1.15-1.15.9/debian/changelog 
golang-1.15-1.15.15/debian/changelog
--- golang-1.15-1.15.9/debian/changelog 2021-07-13 13:55:42.000000000 +0800
+++ golang-1.15-1.15.15/debian/changelog        2021-09-11 15:54:07.000000000 
+0800
@@ -1,3 +1,29 @@
+golang-1.15 (1.15.15-1~deb11u1) bullseye; urgency=medium
+
+  [ Anthony Fok ]
+  * Fix Lintian warning tab-in-license-text
+    debian/copyright (starting at line 381)
+
+  [ Shengjing Zhu ]
+  * Rebuild 1.15.15 for bullseye
+    + Include fix for CVE-2021-36221 (Closes: #991961)
+      net/http: panic due to racy read of persistConn after handler panic
+  * Backport patch for CVE-2021-39293
+    archive/zip: overflow in preallocation check can cause OOM panic
+
+ -- Shengjing Zhu <z...@debian.org>  Sat, 11 Sep 2021 15:54:07 +0800
+
+golang-1.15 (1.15.15-1) unstable; urgency=medium
+
+  * Team upload.
+  * New upstream version 1.15.15
+  * Remove security patches which were previously backported
+    for 1.15.9 but are already in 1.15.15
+  * Update Standards-Version to 4.5.1, no changes needed
+  * Change Section from devel to golang
+
+ -- Anthony Fok <f...@debian.org>  Sun, 15 Aug 2021 16:44:15 -0600
+

The full diff is still at 
https://people.debian.org/~zhsj/golang-1.15_1.15.15-1~deb11u1.debdiff

Reply via email to