[Deepin Integration]~[v25-Release] golang-google-grpc: Fix CVE-2026-33186 by deepin-ci-robot@deepin-community/golang-google-grpc by deepin-community-ci-bot[bot]

[deepin-bot]

Package information | 软件包信息

包名	版本
golang-google-grpc	1.64.0-6deepin1

Package repository address | 软件包仓库地址

deb [trusted=yes] https://ci.deepin.com/repo/obs/deepin:/CI:/TestingIntegration:/test-integration-pr-3925/testing/ ./

Changelog | 更新信息

golang-google-grpc (1.64.0-6deepin1) unstable; urgency=medium

• Fix CVE-2026-33186: Authorization bypass via malformed :path header
  . gRPC-Go server was too lenient in its routing logic, accepting
  requests where the :path omitted the mandatory leading slash. This
  could allow requests to bypass path-based authorization
  interceptors. . This patch adds strict path checking to reject
  requests with non-canonical paths (missing the leading slash).

[deepin-bot]

Integration Test Info

Test suggestion | 测试建议

Influence | 影响范围

ADDITIONAL INFORMATION | 额外补充

[deepin-bot]

IntegrationProjector Notify the author
@deepin: Integrated issue updated

[deepin-bot]

IntegrationProjector Bot
Deepin Testing Integration Project Manager Info
Link to deepin-community/Repository-Integration#3925