Your message dated Mon, 15 Jun 2026 08:49:27 +0000
with message-id <[email protected]>
and subject line Bug#1136030: fixed in golang-golang-x-net 1:0.56.0-1
has caused the Debian Bug report #1136030,
regarding golang-golang-x-net: CVE-2026-33814
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1136030: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136030
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: golang-golang-x-net
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for golang-golang-x-net.

CVE-2026-33814[0]:
| When processing HTTP/2 SETTINGS frames, transport will enter an
| infinite loop of writing CONTINUATION frames if it receives a
| SETTINGS_MAX_FRAME_SIZE with a value of 0.

https://go-review.googlesource.com/c/go/+/761581
https://go-review.googlesource.com/c/net/+/761640
https://github.com/golang/go/issues/78476


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-33814
    https://www.cve.org/CVERecord?id=CVE-2026-33814

Please adjust the affected versions in the BTS as needed.

--- End Message ---
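
The failure mode in the CVE description above, sketched as an added example; it is not code from golang.org/x/net or from this bug report, and the function names are hypothetical. It assumes the RFC 9113 section 6.5.2 bounds for SETTINGS_MAX_FRAME_SIZE and shows why a chunk size of 0 stalls a CONTINUATION writer unless the setting is validated first.

```go
package main

import (
	"encoding/binary"
	"errors"
)

const (
	settingMaxFrameSize = 0x5       // SETTINGS_MAX_FRAME_SIZE identifier
	minFrameSize        = 1 << 14   // 16384, also the protocol default
	maxFrameSize        = 1<<24 - 1 // 16777215
)

// peerMaxFrameSize parses a SETTINGS payload (6 bytes per entry) and rejects
// a max frame size outside the RFC 9113 range, which includes the value 0.
func peerMaxFrameSize(payload []byte) (uint32, error) {
	if len(payload)%6 != 0 {
		return 0, errors.New("FRAME_SIZE_ERROR: bad SETTINGS length")
	}
	size := uint32(minFrameSize)
	for i := 0; i < len(payload); i += 6 {
		if binary.BigEndian.Uint16(payload[i:]) != settingMaxFrameSize {
			continue
		}
		size = binary.BigEndian.Uint32(payload[i+2:])
		if size < minFrameSize || size > maxFrameSize {
			return 0, errors.New("PROTOCOL_ERROR: SETTINGS_MAX_FRAME_SIZE out of range")
		}
	}
	return size, nil
}

// countHeaderFrames returns how many HEADERS plus CONTINUATION frames a header
// block needs. A chunk size of 0 never shrinks the remainder, so it is refused.
func countHeaderFrames(blockLen int, maxFrame uint32) (int, error) {
	if maxFrame == 0 {
		return 0, errors.New("max frame size 0: no progress possible")
	}
	frames := 1
	for rest := blockLen - int(maxFrame); rest > 0; rest -= int(maxFrame) {
		frames++
	}
	return frames, nil
}

func main() {
	_, err := peerMaxFrameSize([]byte{0, 5, 0, 0, 0, 0}) // constructed: value 0
	println(err.Error())
}
```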
--- Begin Message ---
Source: golang-golang-x-net
Source-Version: 1:0.56.0-1
Done: Simon Josefsson <[email protected]>

We believe that the bug you reported is fixed in the latest version of
golang-golang-x-net, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Josefsson <[email protected]> (supplier of updated golang-golang-x-net package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 14 Jun 2026 16:08:23 +0200
Source: golang-golang-x-net
Architecture: source
Version: 1:0.56.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Simon Josefsson <[email protected]>
Closes: 1136030
Changes:
 golang-golang-x-net (1:0.56.0-1) unstable; urgency=medium
 .
   * Team upload
   * New upstream version 0.56.0
   * Mention CVE-2026-33814 solved in 0.53.0 (Closes: #1136030)
   * Refresh d/copyright
 .
 golang-golang-x-net (1:0.55.0-2) unstable; urgency=medium
 .
   * Team upload
   * Adjust Breaks
     - golang-github-andybalholm-cascadia<<1.3.4
     - golang-github-johanneskaufmann-dom<<0.3.1
Git-Tag-Info: tag=952d2a862ed76fa0b692d25aaa5f8485760d6628 fp=a3cc9c870b9d310abad4cf2f51722b08fe4745a2
Git-Tag-Tagger: Simon Josefsson <[email protected]>

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----


--- End Message ---