Bug#991961: marked as done (golang-1.15: CVE-2021-36221)

[Debian Bug Tracking System]

Your message dated Mon, 16 Aug 2021 15:09:34 +0200
with message-id <yrpjjiimgfjm5...@eldamar.lan>
and subject line Re: Accepted golang-1.15 1.15.15-1 (source) into unstable
has caused the Debian Bug report #991961,
regarding golang-1.15: CVE-2021-36221
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991961: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991961
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: golang-1.15
Version: 1.15.9-6
Severity: important
Tags: security upstream
Forwarded: https://github.com/golang/go/issues/46866
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for golang-1.15.

CVE-2021-36221[0]:
| net/http: panic due to racy read of persistConn after handler panic

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-36221
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36221
[1] https://github.com/golang/go/issues/46866

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: golang-1.15
Source-Version: 1.15.15-1

On Sun, Aug 15, 2021 at 11:35:35PM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Format: 1.8
> Date: Sun, 15 Aug 2021 16:44:15 -0600
> Source: golang-1.15
> Architecture: source
> Version: 1.15.15-1
> Distribution: unstable
> Urgency: medium
> Maintainer: Go Compiler Team <team+go-compi...@tracker.debian.org>
> Changed-By: Anthony Fok <f...@debian.org>
> Changes:
>  golang-1.15 (1.15.15-1) unstable; urgency=medium
>  .
>    * Team upload.
>    * New upstream version 1.15.15
>    * Remove security patches which were previously backported
>      for 1.15.9 but are already in 1.15.15
>    * Update Standards-Version to 4.5.1, no changes needed
>    * Change Section from devel to golang

This fixes CVE-2021-36221 / #991961, so closing manually.

Regards,
Salvatore

--- End Message ---