1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES.DEVE

  • Accepted golang-github-go-jose-go-jose 4.0.1-1 (source) into unstable

    From Debian FTP Masters@21:1/5 to All on Wed Mar 13 16:30:01 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Wed, 13 Mar 2024 22:53:16 +0800
    Source: golang-github-go-jose-go-jose
    Architecture: source
    Version: 4.0.1-1
    Distribution: unstable
    Urgency: medium
    Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org> Changed-By: Bo YU <tsu.yubo@gmail.com>
    Closes: 1065814
    Changes:
    golang-github-go-jose-go-jose (4.0.1-1) unstable; urgency=medium
    .
    * New upstream version 4.0.1
    - CVE-2024-28180: Go JOSE vulnerable to Improper Handling of
    Highly Compressed Data (Data Amplification). Reported by
    Enze Wang@Alioth and Jianjun Chen@Zhongguancun Lab
    (@zer0yu and @chenjj). (Closes: #1065814)
    * drop patch which has been applied into upstream
    Checksums-Sha1:
    f6b673a1a8bc1fce014eece154df8c774e60cc39 2450 golang-github-go-jose-go-jose_4.0.1-1.dsc
    af1598147b98b50f313fab0d31beb6380872a533 319043 golang-github-go-jose-go-jose_4.0.1.orig.tar.gz
    d3cd996ae8fbcc8860ce8348a560da1458f834e7 3712 golang-github-go-jose-go-jose_4.0.1-1.debian.tar.xz
    f4f8f124f4fa378a1758e0239adbeff1dbf9046b 7607 golang-github-go-jose-go-jose_4.0.1-1_amd64.buildinfo
    Checksums-Sha256:
    f8e4ddeb34af5a161f1aaecf59e95ff6569b3e6c79e62a6a0e61e2eddbda8e34 2450 golang-github-go-jose-go-jose_4.0.1-1.dsc
    e8177ab716bb1aaef8fa0bba5e0ee3ff1f4c7570b5a4107256c97081ed76b821 319043 golang-github-go-jose-go-jose_4.0.1.orig.tar.gz
    32321202d04650de2f18666c52266ff529223137a2c6b38359377d7874ff46b0 3712 golang-github-go-jose-go-jose_4.0.1-1.debian.tar.xz
    dd75fe6f83072acede997a8a08fc40e203c5528e646f8f9b47847c320f6b30e2 7607 golang-github-go-jose-go-jose_4.0.1-1_amd64.buildinfo
    Files:
    c3bb838ed250fcf42597bfc150dfca9d 2450 golang optional golang-github-go-jose-go-jose_4.0.1-1.dsc
    a30aad661fd4efa97c08b2bdf3edc071 319043 golang optional golang-github-go-jose-go-jose_4.0.1.orig.tar.gz
    ecb2a8c1ce637a1e44179dfc3afd3f09 3712 golang optional golang-github-go-jose-go-jose_4.0.1-1.debian.tar.xz
    ba5d4f22de2de311fc237f482d721418 7607 golang optional golang-github-go-jose-go-jose_4.0.1-1_amd64.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEIcmhjYVTlmab0tjp+RVP3hQ+S68FAmXxwGAACgkQ+RVP3hQ+ S68H8hAApSDhwf8DWL7ldkY0/uJ9J1EN6MCLynWJtf/zeV80xAQDy7o60w5mUe3D pHr+KvTWduDQC1fF1BfEmVbLZL7jwfjh+cwf8fRfxDc+OgE2eowcyxltz3AemaE/ YaE92tbfpDNydLKtcvPPGQcaxYf2vMKDEtP+KrJ0xLgmXtyrOrsANPWaVPjSc8UK 0LFZsinWY31djwwvukiGhQ2P6Wqzq/2lhka57Ak6dUFClivRexgoUwd82XoV0h4A mDI/LyLEj5dlu7QMs3pBqNuccnBKLDAsvsvvCDnCM5J/VpQnc0U/IudZY0MgOBSB qZiAnqQdLZiwJyABKkgT4QY8rCsQYdVuq902IDuVRTuAX9ve5tLeGYQTs980orTg WWe+LbG4M9BTHbFiKjAa6WxRqCHL3uFciwBHI5ebGO3/t3Ns5iMbYdHm4L0H28E6 LYgeIx2sM6MotdqMOfhN3AXtxlwgIxPRzbn+ef7Z4PHJ/257lFv2uBKPicwpsIme JEuwWr1Uyk9vLt4lZrz7m3L0hswztl4sFTFVXeG0Bl0s0itRP/dHBY9YBgu1aU6B clz8WHIoq1aZFJPtiJ2DtJvyfzZfvxcYeAvXvuIqH6sMgF434qnP930UMniHHoOl QZZe/42hLD5rrs8WVYIGAWSI3Cv49XOCpxRORTEsU7FAfFdYTH4=
    =JB5e
    -----END PGP SIGNATURE-----


    --==============X20641734101534600=Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCZfHEmAAKCRCb9qggYcy5 IRPrAQDCfUegjWXQZmZdBIc82B4tpIk3Aieu0L7Gx6Lj0Yer7gEAigdeCkUxr3Eu Jaf/4be3KyWN7JTc2jcPzJfxEWxNBwc=owsx
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)