golang-1.25 - Debian Package Tracker

general

source: golang-1.25 (main)
version: 1.25.11-1
maintainer: Debian Go Compiler Team (DMD)
uploaders: Anthony Fok [DMD] – Michael Stapelberg [DMD] – Paul Tagliamonte [DMD] – Dr. Tobias Quathamer [DMD] – Tianon Gravi [DMD] – Michael Hudson-Doyle [DMD]
arch: all amd64 arm64 armel armhf i386 loong64 mips mips64el mipsel ppc64 ppc64el riscv64 s390x
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable-bpo: 1.25.10-2~bpo13+1
testing: 1.25.10-2
unstable: 1.25.11-1

versioned links

1.25.10-2~bpo13+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.25.11-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

golang-1.25
golang-1.25-doc
golang-1.25-go
golang-1.25-src

action needed

3 security issues in forky high

There are 3 open security issues in forky.

3 important issues:

CVE-2026-27145: (*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates.
CVE-2026-42504: Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.
CVE-2026-42507: When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged.

Created: 2026-06-03 Last update: 2026-06-05 00:00

lintian reports 2 errors high

Lintian reports 2 errors about this package. You should make the package lintian clean getting rid of them.

Created: 2026-05-08 Last update: 2026-05-08 11:01

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2025-09-15 Last update: 2026-06-07 16:30

1 open merge request in Salsa normal

There is 1 open merge request for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-09-13 Last update: 2026-02-10 00:30

debian/patches: 1 patch to forward upstream low

Among the 5 debian patches available in version 1.25.11-1 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2026-05-21 Last update: 2026-06-04 19:00

news

[rss feed]

[2026-06-04] Accepted golang-1.25 1.25.11-1 (source) into unstable (Dr. Tobias Quathamer)
[2026-05-31] Accepted golang-1.25 1.25.10-2~bpo13+1 (source) into stable-backports (Mathias Gibbens)
[2026-05-26] golang-1.25 1.25.10-2 MIGRATED to testing (Debian testing watch)
[2026-05-21] Accepted golang-1.25 1.25.10-2 (source) into unstable (Dr. Tobias Quathamer)
[2026-05-17] Accepted golang-1.25 1.25.10-1~bpo13+1 (source all amd64) into stable-backports (Debian FTP Masters) (signed by: Mathias Gibbens)
[2026-05-16] golang-1.25 1.25.10-1 MIGRATED to testing (Debian testing watch)
[2026-05-07] Accepted golang-1.25 1.25.10-1 (source) into unstable (Dr. Tobias Quathamer)
[2026-04-10] golang-1.25 1.25.9-1 MIGRATED to testing (Debian testing watch)
[2026-04-08] Accepted golang-1.25 1.25.9-1 (source) into unstable (Dr. Tobias Quathamer)
[2026-03-10] golang-1.25 1.25.8-1 MIGRATED to testing (Debian testing watch)
[2026-03-07] Accepted golang-1.25 1.25.8-1 (source) into unstable (Tianon Gravi)
[2026-02-13] golang-1.25 1.25.7-2 MIGRATED to testing (Debian testing watch)
[2026-02-09] Accepted golang-1.25 1.25.7-2 (source) into unstable (Dr. Tobias Quathamer)
[2026-02-06] Accepted golang-1.25 1.25.7-1 (source) into unstable (Dr. Tobias Quathamer)
[2026-01-23] Accepted golang-1.25 1.25.6-1 (source) into unstable (Tianon Gravi)
[2025-10-16] golang-1.25 1.25.3-1 MIGRATED to testing (Debian testing watch)
[2025-10-13] Accepted golang-1.25 1.25.3-1 (source) into unstable (Tianon Gravi)
[2025-10-12] golang-1.25 1.25.2-1 MIGRATED to testing (Debian testing watch)
[2025-10-10] Accepted golang-1.25 1.25.2-1 (source) into unstable (Tianon Gravi)
[2025-09-30] golang-1.25 1.25.1-1 MIGRATED to testing (Debian testing watch)
[2025-09-28] Accepted golang-1.25 1.25.1-1 (source) into unstable (Tianon Gravi)
[2025-09-22] golang-1.25 1.25.0-2 MIGRATED to testing (Debian testing watch)
[2025-09-20] Accepted golang-1.25 1.25.0-2 (source) into unstable (Tianon Gravi)
[2025-09-16] golang-1.25 1.25.0-1 MIGRATED to testing (Debian testing watch)
[2025-09-12] Accepted golang-1.25 1.25.0-1 (source all amd64) into unstable (Debian FTP Masters) (signed by: Utkarsh Gupta)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (2, 0)
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.25.9-1
1 bug