-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 13 Mar 2024 22:53:16 +0800
Source: golang-github-go-jose-go-jose
Architecture: source
Version: 4.0.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <
team+pkg-go@tracker.debian.org> Changed-By: Bo YU <
tsu.yubo@gmail.com>
Closes: 1065814
Changes:
golang-github-go-jose-go-jose (4.0.1-1) unstable; urgency=medium
.
* New upstream version 4.0.1
- CVE-2024-28180: Go JOSE vulnerable to Improper Handling of
Highly Compressed Data (Data Amplification). Reported by
Enze Wang@Alioth and Jianjun Chen@Zhongguancun Lab
(@zer0yu and @chenjj). (Closes: #1065814)
* drop patch which has been applied into upstream
Checksums-Sha1:
f6b673a1a8bc1fce014eece154df8c774e60cc39 2450 golang-github-go-jose-go-jose_4.0.1-1.dsc
af1598147b98b50f313fab0d31beb6380872a533 319043 golang-github-go-jose-go-jose_4.0.1.orig.tar.gz
d3cd996ae8fbcc8860ce8348a560da1458f834e7 3712 golang-github-go-jose-go-jose_4.0.1-1.debian.tar.xz
f4f8f124f4fa378a1758e0239adbeff1dbf9046b 7607 golang-github-go-jose-go-jose_4.0.1-1_amd64.buildinfo
Checksums-Sha256:
f8e4ddeb34af5a161f1aaecf59e95ff6569b3e6c79e62a6a0e61e2eddbda8e34 2450 golang-github-go-jose-go-jose_4.0.1-1.dsc
e8177ab716bb1aaef8fa0bba5e0ee3ff1f4c7570b5a4107256c97081ed76b821 319043 golang-github-go-jose-go-jose_4.0.1.orig.tar.gz
32321202d04650de2f18666c52266ff529223137a2c6b38359377d7874ff46b0 3712 golang-github-go-jose-go-jose_4.0.1-1.debian.tar.xz
dd75fe6f83072acede997a8a08fc40e203c5528e646f8f9b47847c320f6b30e2 7607 golang-github-go-jose-go-jose_4.0.1-1_amd64.buildinfo
Files:
c3bb838ed250fcf42597bfc150dfca9d 2450 golang optional golang-github-go-jose-go-jose_4.0.1-1.dsc
a30aad661fd4efa97c08b2bdf3edc071 319043 golang optional golang-github-go-jose-go-jose_4.0.1.orig.tar.gz
ecb2a8c1ce637a1e44179dfc3afd3f09 3712 golang optional golang-github-go-jose-go-jose_4.0.1-1.debian.tar.xz
ba5d4f22de2de311fc237f482d721418 7607 golang optional golang-github-go-jose-go-jose_4.0.1-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEIcmhjYVTlmab0tjp+RVP3hQ+S68FAmXxwGAACgkQ+RVP3hQ+ S68H8hAApSDhwf8DWL7ldkY0/uJ9J1EN6MCLynWJtf/zeV80xAQDy7o60w5mUe3D pHr+KvTWduDQC1fF1BfEmVbLZL7jwfjh+cwf8fRfxDc+OgE2eowcyxltz3AemaE/ YaE92tbfpDNydLKtcvPPGQcaxYf2vMKDEtP+KrJ0xLgmXtyrOrsANPWaVPjSc8UK 0LFZsinWY31djwwvukiGhQ2P6Wqzq/2lhka57Ak6dUFClivRexgoUwd82XoV0h4A mDI/LyLEj5dlu7QMs3pBqNuccnBKLDAsvsvvCDnCM5J/VpQnc0U/IudZY0MgOBSB qZiAnqQdLZiwJyABKkgT4QY8rCsQYdVuq902IDuVRTuAX9ve5tLeGYQTs980orTg WWe+LbG4M9BTHbFiKjAa6WxRqCHL3uFciwBHI5ebGO3/t3Ns5iMbYdHm4L0H28E6 LYgeIx2sM6MotdqMOfhN3AXtxlwgIxPRzbn+ef7Z4PHJ/257lFv2uBKPicwpsIme JEuwWr1Uyk9vLt4lZrz7m3L0hswztl4sFTFVXeG0Bl0s0itRP/dHBY9YBgu1aU6B clz8WHIoq1aZFJPtiJ2DtJvyfzZfvxcYeAvXvuIqH6sMgF434qnP930UMniHHoOl QZZe/42hLD5rrs8WVYIGAWSI3Cv49XOCpxRORTEsU7FAfFdYTH4=
=JB5e
-----END PGP SIGNATURE-----
--==============X20641734101534600=Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCZfHEmAAKCRCb9qggYcy5 IRPrAQDCfUegjWXQZmZdBIc82B4tpIk3Aieu0L7Gx6Lj0Yer7gEAigdeCkUxr3Eu Jaf/4be3KyWN7JTc2jcPzJfxEWxNBwc=owsx
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)