golang-1.18 1.18.1-1ubuntu1.1 source package in Ubuntu
Changelog
golang-1.18 (1.18.1-1ubuntu1.1) jammy-security; urgency=medium
* SECURITY UPDATE: http request smuggling issue
- debian/patches/CVE-2022-1705.patch: don't strip whitespace from
Transfer-Encoding headers
- CVE-2022-1705
* SECURITY UPDATE: DoS issue due to panic
- debian/patches/CVE-2022-1962.patch: limit recursion depth
- debian/patches/CVE-2022-27664.patch: update bundled golang.org/x/net/http2
- debian/patches/CVE-2022-28131.patch: use iterative Skip, rather than
recursive
- debian/patches/CVE-2022-30630.patch: fix stack exhaustion in Glob
- debian/patches/CVE-2022-30631.patch: fix stack exhaustion bug in
Reader.Read
- debian/patches/CVE-2022-30632.patch: fix stack exhaustion in Glob
- debian/patches/CVE-2022-30633.patch: limit depth of nesting in unmarshal
- debian/patches/CVE-2022-30635.patch: add a depth limit for ignored fields
- debian/patches/CVE-2022-32189.patch: check buffer lengths in GobDecode
- debian/patches/CVE-2022-41715.patch: limit size of parsed regexps
- debian/patches/CVE-2022-41717.patch: update bundled golang.org/x/net/http2
- debian/patches/CVE-2023-24534.patch: avoid overpredicting the number of
MIME header keys
- CVE-2022-1962
- CVE-2022-27664
- CVE-2022-28131
- CVE-2022-30630
- CVE-2022-30631
- CVE-2022-30632
- CVE-2022-30633
- CVE-2022-30635
- CVE-2022-32189
- CVE-2022-41715
- CVE-2022-41717
- CVE-2023-24534
* SECURITY UPDATE: out-of-bound read issue
- debian/patches/CVE-2022-2879.patch: limit size of headers
- CVE-2022-2879
* SECURITY UPDATE: query parameter smuggling issue in Go proxy
- debian/patches/CVE-2022-2880.patch: avoid query parameter smuggling
- CVE-2022-2880
* SECURITY UPDATE: Incorrect privilege assignment issue
- debian/patches/CVE-2022-29526.patch: check correct group in Faccessat
- CVE-2022-29526
* SECURITY UPDATE: tls session takeover vulnerability
- debian/patches/CVE-2022-30629.patch: randomly generate ticket_age_add
- CVE-2022-30629
* SECURITY UPDATE: sensitive information exposure
- debian/patches/CVE-2022-32148.patch: preserve nil values in Header.Clone
- CVE-2022-32148
* SECURITY UPDATE: integer overflow issue
- debian/patches/CVE-2023-24537.patch: reject large line and column number
in //line directives
- CVE-2023-24537
* SECURITY UPDATE: code injection vulnerability
- debian/patches/CVE-2023-24538.patch: disallow actions in JS template
literals
- debian/patches/godebug_dep_test_error.patch: fix test dependency error
- CVE-2023-24538
-- Nishit Majithia <email address hidden> Mon, 24 Apr 2023 17:30:14 +0530
Upload details
- Uploaded by:
- Nishit Majithia
- Uploaded to:
- Jammy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64 ppc64el riscv64 s390x all
- Section:
- golang
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Jammy | updates | main | golang | |
| Jammy | security | main | golang |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| golang-1.18_1.18.1.orig.tar.gz | 21.8 MiB | efd43e0f1402e083b73a03d444b7b6576bb4c539ac46208b63a916b69aca4088 |
| golang-1.18_1.18.1-1ubuntu1.1.debian.tar.xz | 64.8 KiB | 99cb9d52894696014c29999c4d40fcc99cf81b0ae5d6630d9fd50949c2f66565 |
| golang-1.18_1.18.1-1ubuntu1.1.dsc | 2.5 KiB | e8bd5edb75e0f85039c66974b70d0fbc8a7bf09e0396dedd6e3a9e18a46a9f78 |
Available diffs
Binary packages built by this source
- golang-1.18: Go programming language compiler - metapackage
The Go programming language is an open source project to make
programmers more productive. Go is expressive, concise, clean, and
efficient. Its concurrency mechanisms make it easy to write programs
that get the most out of multicore and networked machines, while its
novel type system enables flexible and modular program construction.
Go compiles quickly to machine code yet has the convenience of
garbage collection and the power of run-time reflection. It's a
fast, statically typed, compiled language that feels like a
dynamically typed, interpreted language.
.
This package is a metapackage that, when installed, guarantees
that (most of) a full Go development environment is installed.
.
To use this version, instead of the default one provided by golang-go
package, add /usr/lib/go-1.18/ bin/ to PATH, or invoke /usr/lib/ go-1.18/ bin/go
directly.
- golang-1.18-doc: Go programming language - documentation
The Go programming language is an open source project to make
programmers more productive. Go is expressive, concise, clean, and
efficient. Its concurrency mechanisms make it easy to write programs
that get the most out of multicore and networked machines, while its
novel type system enables flexible and modular program construction.
Go compiles quickly to machine code yet has the convenience of
garbage collection and the power of run-time reflection. It's a fast,
statically typed, compiled language that feels like a dynamically
typed, interpreted language.
.
This package provides the documentation for the Go programming
language.
- golang-1.18-go: Go programming language compiler, linker, compiled stdlib
The Go programming language is an open source project to make programmers more
productive. Go is expressive, concise, clean, and efficient. Its concurrency
mechanisms make it easy to write programs that get the most out of multicore
and networked machines, while its novel type system enables flexible and
modular program construction. Go compiles quickly to machine code yet has the
convenience of garbage collection and the power of run-time reflection. It's a
fast, statically typed, compiled language that feels like a dynamically typed,
interpreted language.
.
This package provides an assembler, compiler, linker, and compiled libraries
for the Go programming language.
.
To use this version, instead of the default one provided by golang-go package,
add /usr/lib/go-1.18/ bin/ to PATH, or invoke /usr/lib/ go-1.18/ bin/go directly.
- golang-1.18-go-dbgsym: debug symbols for golang-1.18-go
- golang-1.18-src: Go programming language - source files
The Go programming language is an open source project to make programmers more
productive. Go is expressive, concise, clean, and efficient. Its concurrency
mechanisms make it easy to write programs that get the most out of multicore
and networked machines, while its novel type system enables flexible and
modular program construction. Go compiles quickly to machine code yet has the
convenience of garbage collection and the power of run-time reflection. It's a
fast, statically typed, compiled language that feels like a dynamically typed,
interpreted language.
.
This package provides the Go programming language source files needed for
compilation.
