pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/lang/go
Module Name: pkgsrc
Committed By: bsiegert
Date: Tue Dec 22 20:44:40 UTC 2015
Modified Files:
pkgsrc/lang/go: Makefile distinfo
pkgsrc/lang/go/patches: patch-lib_time_update.bash
Added Files:
pkgsrc/lang/go/patches: patch-src_math_big_nat.go
patch-src_math_big_nat_test.go
Log Message:
Pull in https://golang.org/cl/17672, "math/big: fix carry propagation in
Int.Exp Montgomery code", to fix CVE-2015-8618.
>From the oss-security posting that asked for a CVE:
"The Go open source project has received notification of an error in the
math/big library (https://golang.org/pkg/math/big/). The problem that was
identified is similar to CVE-2015-3193
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193>. The
vulnerability was introduced in the 1.5 release, and remains present in Go
1.5.1 and 1.5.2.
"A fix for the issue has been applied to the master branch of the Go repo
under CL 17672 <https://go-review.googlesource.com/#/c/17672/>. We will
also be releasing Go 1.5.3 to fix this vulnerability."
ok wiz@
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/lang/go/Makefile
cvs rdiff -u -r1.29 -r1.30 pkgsrc/lang/go/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/go/patches/patch-lib_time_update.bash
cvs rdiff -u -r0 -r1.1 pkgsrc/lang/go/patches/patch-src_math_big_nat.go \
pkgsrc/lang/go/patches/patch-src_math_big_nat_test.go
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index