[pkg-go] Bug#973967: gocode: please rebuild with dh_elpa 2.x
David Bremner
bremner at debian.org
Sun Nov 8 12:52:52 GMT 2020
Source: gocode
Version: 20170907-3
Severity: important
Tags: security
X-Debbugs-Cc: debian-emacsen at lists.debian.org, Debian Security Team <team at security.debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
dh_elpa prior to 1.16 is vulnerable to a path-injection bug via
$HOME. Please do a sourceful upload to rebuild against dh_elpa
2.x. This will have the additional advantage of allowing future
maintainer script bugs to be fixed without a sourceful upload.
- -- System Information:
Debian Release: bullseye/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.9.0-1-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEkiyHYXwaY0SiY6fqA0U5G1WqFSEFAl+n6DAACgkQA0U5G1Wq
FSFoIhAAuaz25PVwpoZYIv86KWqbWGsmG+RVKMXKbceM79ROVo8B7dbbN9TyyL28
gvVTUvccYRwwfGjuL0dmqtgyQRPfvbTAujDyy77ApcRRhRtiFZviaVIPhaeBb+v6
4vh7xruht9138v9HAqxrJ/vGZJ9ylQYqH7+m8iqU1jPoahFxqLWc3/ONn/XsatvZ
TA/In9Chi7tVlf/VEyORQVAzK8dMwDNFrpcNlIQ6UaGLSW9511gXWSPfd1UKKU9m
PITnU6+4PUa2PvwT8zKghzZXJM+JOqIKwjwQsB5YBKAaZJ+JiOILp2/5npl2r+MC
D7wkeuHU5Tybc8VyNIUNj9t6FXf7m6w6NzgZbJw7g/01BYY+MxGW3rAglnuTzxeD
Vbya7+gC5mVsU0cqhZgP8i0Wi7LU1ZLqR02hp4P1BewpXQs4WOxgERPiYHI9la9p
Nh6DE4BXfREmmuRZRAjCxPpsvECFLZOqGDe2M/3J3Swkxnf6/OM8PHviwqxs/nAC
GvjDcv8j5VcO2UEQZy7W+odqdB4l93t7SDBtrEdmtgcHaJf88DlbcFNPd9Ic5K1n
11t3su1hHbvguT0W1GM/KZRAqnHUgEQxd+iLx7LbKh9W2I+MM4DGKzjmmYtzK0YQ
oHpCJ7Ry4q0wPwcWsSuR4a0i1XoHUvsUyAedBqzBnJqkhwR4FLg=
=/N6n
-----END PGP SIGNATURE-----
More information about the Pkg-go-maintainers
mailing list