This bug was fixed in the package golang-github-lucas-clemente-quic-go - 0.59.0-2
Sponsored for Anshul Singh (levihackerman-102)

---------------
golang-github-lucas-clemente-quic-go (0.59.0-2) unstable; urgency=medium

  * Team upload.
  * Fix error in d/rules which prevented special handling of Go 1.24

 -- Dr. Tobias Quathamer <[email protected]>  Tue, 03 Mar 2026 18:09:49 +0100

golang-github-lucas-clemente-quic-go (0.59.0-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 0.59.0
    - Refresh patch
    - New patch: Disable testing of postquantum handshake.
      The tests currently fail due to a wrong CurveID, specifying
      a TLS identifier for a key exchange mechanism. The postQuantum
      tests expect X25519MLKEM768, but the used curve is X25519.
    - New patch: Disable TestHandshakePacketBuffering for now
    - Remove unneeded build dependencies
    - Use versioned Build-Depends on golang-github-quic-go-qpack-dev
    - Use actual package name of golang-github-marten-seemann-qpack-dev
    - Fixes CVE-2025-64702 (Closes: #1122814)
      Versions 0.56.0 and below are vulnerable to excessive memory
      allocation through quic-go's HTTP/3 client and server
      implementations by sending a QPACK-encoded HEADERS frame that
      decodes into a large header field section (many unique header
      names and/or large values). The implementation builds an
      http.Header (used on the http.Request and http.Response,
      respectively), while only enforcing limits on the size of the
      (QPACK-compressed) HEADERS frame, but not on the decoded header,
      leading to memory exhaustion. This issue is fixed in version 0.57.0.
  * Only use GOEXPERIMENT=synctest on Go 1.24 (Closes: #1129117)
  * Remove Priority: optional from d/control
  * Remove Rules-Requires-Root from d/control
  * Update Standards-Version to 4.7.3

 -- Dr. Tobias Quathamer <[email protected]>  Mon, 02 Mar 2026 22:11:11 +0100

** Changed in: golang-github-onsi-ginkgo-v2 (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2142003

Title:
  Please merge 1:0.42.0+ds-1 into resolute

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-github-lucas-clemente-quic-go/+bug/2142003/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
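
The CVE-2025-64702 entry in the changelog above describes a limit applied to the compressed HEADERS frame but not to the decoded header. The following is an added illustration of the missing check, not code from this notification or from quic-go: it charges every decoded field against a budget before storing it in the http.Header. The names buildHeader, manyFields and the field type are hypothetical, the sample fields are constructed, and the 32-byte per-field overhead follows the field section size definition in RFC 9114 section 4.2.2.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// field is one decoded header line, as a QPACK decoder would emit it.
type field struct{ Name, Value string }

// perFieldOverhead is the per-field allowance RFC 9114 section 4.2.2 adds
// when computing the size of a decoded field section.
const perFieldOverhead = 32

var errFieldSectionTooLarge = errors.New("decoded field section exceeds limit")

// buildHeader copies decoded fields into an http.Header, charging each one
// against maxDecoded before it is stored, so memory use is bounded by the
// decoded size rather than by the size of the compressed frame.
// Hypothetical helper for illustration; not quic-go's API.
func buildHeader(fields []field, maxDecoded int) (http.Header, error) {
	h := make(http.Header)
	used := 0
	for _, f := range fields {
		used += len(f.Name) + len(f.Value) + perFieldOverhead
		if used > maxDecoded {
			return nil, errFieldSectionTooLarge // stop before allocating more
		}
		h.Add(f.Name, f.Value)
	}
	return h, nil
}

// manyFields constructs n unique header names with small values (sample data).
func manyFields(n int) []field {
	out := make([]field, n)
	for i := range out {
		out[i] = field{Name: fmt.Sprintf("x-sample-%d", i), Value: "v"}
	}
	return out
}

func main() {
	_, err := buildHeader(manyFields(100000), 16<<10)
	fmt.Println("oversized section:", err)
	h, err := buildHeader(manyFields(10), 16<<10)
	fmt.Println("small section:", len(h), err)
}
```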
