Your message dated Mon, 25 Aug 2025 11:04:42 +0000
with message-id <[email protected]>
and subject line Bug#1075962: fixed in golang-github-gin-contrib-cors 1.7.6-1
has caused the Debian Bug report #1075962,
regarding golang-github-gin-contrib-cors: CVE-2019-25211
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1075962: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1075962
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: golang-github-gin-contrib-cors
X-Debbugs-CC: [email protected]
Severity: important upstream
Tags: security
Forwarded: https://github.com/gin-contrib/cors/pull/106
Hi,
The following vulnerability was published for
golang-github-gin-contrib-cors.
CVE-2019-25211[0]:
| parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0
| mishandles a wildcard at the end of an origin string, e.g.,
| https://example.community/* is allowed when the intention is that
| only https://example.com/* should be allowed, and
| http://localhost.example.com/* is allowed when the intention is that
| only http://localhost/* should be allowed.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-25211
https://www.cve.org/CVERecord?id=CVE-2019-25211
Please adjust the affected versions in the BTS as needed.
Best wishes
Matthias
--- End Message ---
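An added illustration of the matching behaviour the CVE text above describes; it is not code from gin-contrib/cors or from this bug report. `loosePrefixMatch`, `strictMatch`, `accepted` and `probes` are hypothetical names, the loose matcher only models the described outcome (it is not the library's parseWildcardRules), and the strict matcher assumes the rule is meant as an exact scheme-and-host match.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed probe set: the two rules and four origins quoted in the CVE text.
var probes = map[string][]string{
	"https://example.com/*": {"https://example.com", "https://example.community"},
	"http://localhost/*":    {"http://localhost", "http://localhost.example.com"},
}

// loosePrefixMatch (hypothetical) models the described outcome: the trailing
// "/*" becomes a bare string prefix, so nothing marks where the host ends.
func loosePrefixMatch(rule, origin string) bool {
	return strings.HasPrefix(origin, strings.TrimSuffix(rule, "/*"))
}

// strictMatch (hypothetical) assumes the rule means "exactly this scheme and
// host": both sides are parsed and compared component by component.
func strictMatch(rule, origin string) bool {
	r, err := url.Parse(strings.TrimSuffix(rule, "/*"))
	if err != nil || r.Host == "" {
		return false
	}
	o, err := url.Parse(origin)
	if err != nil || o.Host == "" {
		return false
	}
	return r.Scheme == o.Scheme && strings.EqualFold(r.Host, o.Host)
}

// accepted returns the probe origins that a matcher lets through for a rule.
func accepted(match func(rule, origin string) bool, rule string) []string {
	var out []string
	for _, o := range probes[rule] {
		if match(rule, o) {
			out = append(out, o)
		}
	}
	return out
}

func main() {
	for rule := range probes {
		fmt.Println(rule, accepted(loosePrefixMatch, rule), accepted(strictMatch, rule))
	}
}
```

The same probe origins make a useful regression test against whichever CORS middleware version is actually deployed.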
--- Begin Message ---
Source: golang-github-gin-contrib-cors
Source-Version: 1.7.6-1
Done: Thorsten Alteholz <[email protected]>
We believe that the bug you reported is fixed in the latest version of
golang-github-gin-contrib-cors, which is due to be installed in the Debian FTP
archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <[email protected]> (supplier of updated
golang-github-gin-contrib-cors package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Mon, 25 Aug 2025 10:12:10 +0200
Source: golang-github-gin-contrib-cors
Architecture: source
Version: 1.7.6-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Thorsten Alteholz <[email protected]>
Closes: 1075962
Changes:
golang-github-gin-contrib-cors (1.7.6-1) unstable; urgency=medium
.
* New upstream release.
* CVE-2019-25211
fixed by new upstream version
(Closes: #1075962)
* debian/control: Update standards version to 4.7.2, no changes needed.
* debian/control: Bump debhelper from old 12 to 13.
* debian/control: add Rules-Requires-Root: no
* according to ratt nothing needs to be rebuilt
--- End Message ---