Your message dated Sat, 15 Oct 2022 16:25:18 +0000
with message-id <[email protected]>
and subject line Bug#1021785: fixed in golang-golang-x-text 0.3.8-1
has caused the Debian Bug report #1021785,
regarding golang-golang-x-text: CVE-2022-32149
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1021785: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021785
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: golang-golang-x-text
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for golang-golang-x-text.
CVE-2022-32149[0]:
| An attacker may cause a denial of service by crafting an Accept-
| Language header which ParseAcceptLanguage will take significant time
| to parse.
https://groups.google.com/g/golang-dev/c/qfPIly0X7aU.
https://go.dev/issue/56152
https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-32149
https://www.cve.org/CVERecord?id=CVE-2022-32149
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: golang-golang-x-text
Source-Version: 0.3.8-1
Done: Shengjing Zhu <[email protected]>
We believe that the bug you reported is fixed in the latest version of
golang-golang-x-text, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Shengjing Zhu <[email protected]> (supplier of updated golang-golang-x-text
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 15 Oct 2022 23:01:57 +0800
Source: golang-golang-x-text
Architecture: source
Version: 0.3.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Shengjing Zhu <[email protected]>
Closes: 1021785
Changes:
golang-golang-x-text (0.3.8-1) unstable; urgency=medium
.
* Team upload.
* New upstream release v0.3.8 (Closes: #1021785, CVE-2022-32149)
* Update Standards-Version to 4.6.1 (no changes)
Checksums-Sha1:
20f710839be77cabfe11afbd8f269344d5e84013 1617 golang-golang-x-text_0.3.8-1.dsc
b92e52b500b585ad673c25fb0449449f8d05a348 8358801
golang-golang-x-text_0.3.8.orig.tar.gz
ce5b89fb0f27b564ec834233a1ed8e8fa255277f 5564
golang-golang-x-text_0.3.8-1.debian.tar.xz
dcec60957bc0dfb9ad7974daad127a04722c3581 5742
golang-golang-x-text_0.3.8-1_amd64.buildinfo
Checksums-Sha256:
421b57843d32af654e61ef7a095e0f1ccdd96104d626a134b38a86a0e27febae 1617
golang-golang-x-text_0.3.8-1.dsc
f4f6c558d3b5530adbfc1e6787f82867801f86d9c7afc37f2ca03d630465a388 8358801
golang-golang-x-text_0.3.8.orig.tar.gz
a698eb5eeeb386b4d96825de0237a87da29717f742a94ef7ab0a0a74dbc9ca63 5564
golang-golang-x-text_0.3.8-1.debian.tar.xz
9ffd522779aaeed484fcdbea7485c62c3e8f4ef7178449b8d7f8e293cab2a2e9 5742
golang-golang-x-text_0.3.8-1_amd64.buildinfo
Files:
c18571a02e449a00733f1b034960c35b 1617 golang optional
golang-golang-x-text_0.3.8-1.dsc
4322071e08379155e8bba08890a3c322 8358801 golang optional
golang-golang-x-text_0.3.8.orig.tar.gz
1c101d9f114295d5cd0ddfff8bc922f2 5564 golang optional
golang-golang-x-text_0.3.8-1.debian.tar.xz
315d12cec9dfc1c89ea19d061b3d9fd0 5742 golang optional
golang-golang-x-text_0.3.8-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iIYEARYIAC4WIQSRhdT1d2eu7mxV1B5/RPol6lUUywUCY0rY6BAcemhzakBkZWJp
YW4ub3JnAAoJEH9E+iXqVRTLTWEBAMhjAmHXEu8y5QYfI2fV9m1lW4kNhT9TNLn5
Zq6frf8FAQClC46X50MDPrcaYEB3pfelQld00VV0Bz/sBBFsT5tmCA==
=xYmy
-----END PGP SIGNATURE-----
--- End Message ---
