CVS commit: pkgsrc/lang/go

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/lang/go
From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
Date: Tue, 22 Dec 2015 20:44:40 +0000

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Tue Dec 22 20:44:40 UTC 2015

Modified Files:
        pkgsrc/lang/go: Makefile distinfo
        pkgsrc/lang/go/patches: patch-lib_time_update.bash
Added Files:
        pkgsrc/lang/go/patches: patch-src_math_big_nat.go
            patch-src_math_big_nat_test.go

Log Message:
Pull in https://golang.org/cl/17672, "math/big: fix carry propagation in
Int.Exp Montgomery code", to fix CVE-2015-8618.

>From the oss-security posting that asked for a CVE:

"The Go open source project has received notification of an error in the
math/big library (https://golang.org/pkg/math/big/). The problem that was
identified is similar to CVE-2015-3193
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193>. The
vulnerability was introduced in the 1.5 release, and remains present in Go
1.5.1 and 1.5.2.

"A fix for the issue has been applied to the master branch of the Go repo
under CL 17672 <https://go-review.googlesource.com/#/c/17672/>. We will
also be releasing Go 1.5.3 to fix this vulnerability."

ok wiz@


To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/lang/go/Makefile
cvs rdiff -u -r1.29 -r1.30 pkgsrc/lang/go/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/go/patches/patch-lib_time_update.bash
cvs rdiff -u -r0 -r1.1 pkgsrc/lang/go/patches/patch-src_math_big_nat.go \
    pkgsrc/lang/go/patches/patch-src_math_big_nat_test.go

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: [pkgsrc-2015Q3] pkgsrc/doc
Next by Date: CVS commit: pkgsrc/security/gnupg
Previous by Thread: CVS commit: [pkgsrc-2015Q3] pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/security/gnupg
Indexes:

Home | Main Index | Thread Index | Old Index