Path to this page:
Next | Query returned 1 messages, browsing 1 to 10 | previous
CVS Commit History:
2015-10-06 18:37:05 by S.P.Zeidler | Files touched by this commit (4) | |
Log message:
Pullup ticket #4819 - requested by bsiegert
lang/go14: security update
Revisions pulled up:
- lang/go/version.mk 1.9
- lang/go14/Makefile 1.5
- lang/go14/PLIST 1.2
- lang/go14/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tnn
Date: Sun Sep 27 00:36:02 UTC 2015
Modified Files:
pkgsrc/lang/go14: Makefile
Log message:
more REPLACE_BASH
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/go14/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Sat Sep 26 17:37:01 UTC 2015
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go14: Makefile PLIST distinfo
Log message:
Update go14 to 1.4.3. It fixes four security-related issues.
The issues were reported in Go's net/http package. They affect programs usi=
ng
that package to proxy HTTP requests. We recommend that all users upgrade to=
Go
1.5, which fixes these issues. For users unable to upgrade to Go 1.5, we ha=
ve
released version 1.4.3, which is based on Go 1.4.2 plus fixes for these iss=
ues.
Affected Go programs=E2=80=94those that use the net/http package as a proxy=
server=E2=80=94must
be recompiled with Go 1.5 or Go 1.4.3 to receive the fixes.
The CVE issue descriptions and fixes are linked below.
CVE-2015-5739
"Content Length" treated as valid header:
https://go-review.googlesource.com/#/c/11772/
CVE-2015-5740
Double content-length headers does not return 400 error:
https://go-review.googlesource.com/#/c/11810/
CVE-2015-5741
Additional hardening, not sending Content-Length w/Transfer-Encoding,
Closing connections:
https://go-review.googlesource.com/#/c/11810/
https://go-review.googlesource.com/#/c/12865/
https://go-review.googlesource.com/#/c/13148/
The Go team would like to thank Jed Denlea and R=C3=A9gis Leroy for their
contributions to this release. They have been awarded 1337 USD under the Go=
ogle
Security Bounty program.
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/go14/Makefile
cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/go14/PLIST
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/go14/distinfo
|
Next | Query returned 1 messages, browsing 1 to 10 | previous