1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.RC

  • Bug#1107390: marked as done (golang-1.23: CVE-2025-4673) (2/2)

    From Debian Bug Tracking System@1:229/2 to All on Tue Jun 17 04:50:01 2025
    [continued from previous message]

    To: 1107390-close@bugs.debian.org
    X-DAK: dak process-upload
    X-Debian: DAK
    X-Debian-Package: golang-1.23
    Debian: DAK
    Debian-Changes: golang-1.23_1.23.10-1_source.changes
    Debian-Source: golang-1.23
    Debian-Version: 1.23.10-1
    Debian-Architecture: source
    Debian-Suite: unstable
    Debian-Archive-Action: accept
    MIME-Version: 1.0
    Subject: Bug#1107390: fixed in golang-1.23 1.23.10-1
    Content-Type: multipart/signed; micalg="pgp-sha256";
    protocol="application/pgp-signature";
    boundary="===============1629882896718948658=="
    Message-Id: <E1uRMD2-00ACky-6P@fasolo.debian.org>
    Date: Tue, 17 Jun 2025 02:38:00 +0000
    X-CrossAssassin-Score: 2

    --===============1629882896718948658==
    Content-Type: text/plain; charset="utf-8"
    Content-Transfer-Encoding: quoted-printable

    Source: golang-1.23
    Source-Version: 1.23.10-1
    Done: Anshul Singh <anshul.singh@canonical.com>

    We believe that the bug you reported is fixed in the latest version of golang-1.23, which is due to be installed in the Debian FTP archive.

    A summary of the changes between this version and the previous one is
    attached.

    Thank you for reporting the bug, which will now be closed. If you
    have further comments please address them to 1107390@bugs.debian.org,
    and the maintainer will reopen the bug report if appropriate.

    Debian distribution maintenance software
    pp.
    Anshul Singh <anshul.singh@canonical.com> (supplier of updated golang-1.23 package)

    (This message was generated automatically at their request; if you
    believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Mon, 16 Jun 2025 13:10:51 +0200
    Source: golang-1.23
    Built-For-Profiles: noudeb
    Architecture: source
    Version: 1.23.10-1
    Distribution: unstable
    Urgency: medium
    Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org> Changed-By: Anshul Singh <anshul.singh@canonical.com>
    Closes: 1104816 1107390
    Changes:
    golang-1.23 (1.23.10-1) unstable; urgency=medium
    .
    * Team upload
    * New upstream version 1.23.10
    + CVE-2025-4673: net/http: sensitive headers not cleared on cross-origin redirect (Closes: #1107390)
    + CVE-2025-0913: os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows
    + CVE-2025-22873: os: Root permits access to parent directory (Closes: #1104816)
    Checksums-Sha1:
    2e9582990ddcf6fa37786e71ada8057dd33c6777 2904 golang-1.23_1.23.10-1.dsc
    62d5ccb6f7db603bfd65de7382a0a9c99b81b837 28183775 golang-1.23_1.23.10.orig.tar.gz
    7e5e308eb2fcbd052af4d625131dd92f71f278d8 833 golang-1.23_1.23.10.orig.tar.gz.asc
    625b18ec08f234b38feac6bf2e04c45448054918 42076 golang-1.23_1.23.10-1.debian.tar.xz
    142e6a44d42a6945905316731a94beb20a5c61f4 7584 golang-1.23_1.23.10-1_source.buildinfo
    Checksums-Sha256:
    fe19e67cde602585b08e1f1f5e77bb53dcc2ec1a9950efafffd36d55bd305c68 2904 golang-1.23_1.23.10-1.dsc
    800a7ae1bff179a227b653a2f644517c800443b8b4abf3273af5e1cb7113de59 28183775 golang-1.23_1.23.10.orig.tar.gz
    ad61283800f9fdaa3d71bf608a074cac19cc5b5b44fe383d2a452216d3efbf78 833 golang-1.23_1.23.10.orig.tar.gz.asc
    d89501956a9a640767fb92082424c5b1fc674f2aa6982c84c1e192ddd1d8a302 42076 golang-1.23_1.23.10-1.debian.tar.xz
    4f8a5aed00955c4f11019a0a6d2b73c47accab7354020ae9ed13a449907cd09f 7584 golang-1.23_1.23.10-1_source.buildinfo
    Files:
    76431bc65a78a92f2a092e78a542d4ff 2904 golang optional golang-1.23_1.23.10-1.dsc
    4aa33824a01bd8f852086ce5907a414b 28183775 golang optional golang-1.23_1.23.10.orig.tar.gz
    c71a73cdfc4d9f5a89c14892881518e0 833 golang optional golang-1.23_1.23.10.orig.tar.gz.asc
    241dba32534f9ab177b5d515b726e096 42076 golang optional golang-1.23_1.23.10-1.debian.tar.xz
    5d028049d5178cf53b441f42feeb6610 7584 golang optional golang-1.23_1.23.10-1_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEiiBE+E9xaoW3f/djEd9ClMyjmJMFAmhQyzMACgkQEd9ClMyj mJMUDhAAkdI7ImbIb5E12cxz079ea/Sik7VyoBMcGWnxH/2ZhGMScipPZjfWh69m nFuS/cweri98L8TKTexUIuTZby+Q8YoKzVuVTmhFAxuSAWn8tkvxTanLfVs+pV3e q4oy67hKlVYOsFGZwSWo15QZPuMyZNVyAepk57S2DjzMvCm55aYyLYUlMVz8jksy XPj9YUa7gBMTd6N13RQDCWqfw3YvuvcFOvfHsnovC9QAMbkPG9O6KlA4/V2xEStN vEdBy5JZaRhSJwYp7F0CZwtOJRhLED19XZpB7SmKQRjnHnX0WCs4lG5Ri/f3lqub F10SqjwKl77a4cssB7x7XCwsV0wc/kCfJxX4GiPIQPHviLKwN/hQHMHj3ckhjUwm vdYn/0d+E9frDJjlb3Oar/CtdORg/s3DZEQje6YvTD7tH04h4B+OshpSU5YMzvrk pJB0MRFSSPz8KKqt+c9J83PDs/P0dbXhqWnEUY+Nbk6t8fLSbAUUU0vaa4xx6VCs i6Rmas5xIvNi+yTYFpcMzXORSsdbGqzKG0BdO0/Lxq1SsAi2yO5f4RHTSuNsloU6 +sxQ8WjQZ3cQHplhKa7FZp6PrVoZ0nyVe3wiIrFGCrJUPwQxwtMbZDYE1uYVbo/g hRKjV8PKeT/P/V0xYYmyNHwK/ioEGPY6wakXGmGF/bzZP8t2FYU=
    =f0j0
    -----END PGP SIGNATURE-----


    --==============29882896718948658=Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaFDVCAAKCRCb9qggYcy5 ITC7AP0SF4Cr5bKKa/l8pHnRlVH/l9eM+QYZyMFNt/9RYvRntgD/Xnqs+1AHwrMD G2c0hR9U0Qj0PZhKCOYcWvg/xD81AwQ‘Oe
    -----END PGP SIGNATURE-----

    --==============29882896718948658==--

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)