Path to this page:
Next | Query returned 1 messages, browsing 1 to 10 | previous
CVS Commit History:
2019-02-08 12:31:19 by S.P.Zeidler | Files touched by this commit (2) | |
Log message:
Pullup ticket #5906 - requested by bsiegert
lang/go111: security update
Revisions pulled up:
- lang/go/version.mk 1.54
- lang/go111/distinfo 1.5
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Thu Jan 24 09:26:21 UTC 2019
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go111: distinfo
Log message:
Update go111 to 1.11.5 (security).
This release addresses a recently supported security issue. This DoS
vulnerability in the crypto/elliptic implementations of the P-521 and P-384
elliptic curves may let an attacker craft inputs that consume excessive
amounts of CPU.
These inputs might be delivered via TLS handshakes, X.509 certificates, JWT
tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private
key is reused more than once, the attack can also lead to key recovery.
The issue is CVE-2019-6486 and Go issue golang.org/issue/29903.
See the Go issue for more details.
To generate a diff of this commit:
cvs rdiff -u -r1.53 -r1.54 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/go111/distinfo
|
Next | Query returned 1 messages, browsing 1 to 10 | previous