-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 28 Apr 2025 11:48:38 +0200
Source: golang-github-gorilla-csrf
Architecture: source
Version: 1.7.2+ds1-2
Distribution: unstable
Urgency: high
Maintainer: Debian Go Packaging Team <
team+pkg-go@tracker.debian.org> Changed-By: Andrej Shadura <
andrewsh@debian.org>
Closes: 1103584
Changes:
golang-github-gorilla-csrf (1.7.2+ds1-2) unstable; urgency=high
.
* Team upload.
* SECURITY UPDATE:
- CVE-2025-24358 / GHSA-rq77-p4h8-4crw:
Fix CSRF via form submission from origins that share a top level
domain with the target origin (Closes: #1103584).
Checksums-Sha1:
3d2dc6c23214656237ebf265eac7c5d906265456 1834 golang-github-gorilla-csrf_1.7.2+ds1-2.dsc
0cb81ad76a15745f6b4e5bb721e2db7febaa6eec 8896 golang-github-gorilla-csrf_1.7.2+ds1-2.debian.tar.xz
Checksums-Sha256:
345727ccd8f84b0bfd573740676fae752a2f0e84d8b0f5a958c0630db949f973 1834 golang-github-gorilla-csrf_1.7.2+ds1-2.dsc
fdeef1dc8b42d47cc7854b9f887c78529a1ab5240564f549e9b793259ac2ee4f 8896 golang-github-gorilla-csrf_1.7.2+ds1-2.debian.tar.xz
Files:
566b2e3595049115930557ec84633b22 1834 golang optional golang-github-gorilla-csrf_1.7.2+ds1-2.dsc
9df28b9c66067d76873cac0933b6d7fd 8896 golang optional golang-github-gorilla-csrf_1.7.2+ds1-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCaA9PdQAKCRDoRGtKyMdy YV4xAQDmGps7uyr2ldaJvQ8rZLtQlKbGAL7wEvjZGAKPc2uaNwEA/J4s2YwKd0TN ES7Y2Sf0BMJd5X3N1z0IKTYL8RR3oQ8=
=9Kt/
-----END PGP SIGNATURE-----
--==============ˆ48771830309613744=Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaA9S8gAKCRCb9qggYcy5 IUhlAP9WZ2UumiAJNvBgjKRaCxXF9ggRakvFuTGxy5QdTyGwwQD/ZqwjSLUuSX2b gXUOVtj3UDIFgHhwax0A44oc0/+alg8=wBy7
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)