Subject: CVS commit: [pkgsrc-2018Q4] pkgsrc/lang
From: S.P.Zeidler
Date: 2019-02-08 12:30:53
Message id: 20190208113053.37D09FB16@cvs.NetBSD.org

Log Message:
Pullup ticket #5905 - requested by bsiegert
lang/go110: security update

Revisions pulled up:
- lang/go/version.mk                                            1.55
- lang/go110/distinfo                                           1.4

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   bsiegert
   Date:           Thu Jan 24 09:33:08 UTC 2019

   Modified Files:
           pkgsrc/lang/go: version.mk
           pkgsrc/lang/go110: distinfo

   Log Message:
   Update go110 to 1.10.8 (security).

   This release addresses a recently supported security issue. This DoS
   vulnerability in the crypto/elliptic implementations of the P-521 and P-384
   elliptic curves may let an attacker craft inputs that consume excessive
   amounts of CPU.

   These inputs might be delivered via TLS handshakes, X.509 certificates, JWT
   tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private
   key is reused more than once, the attack can also lead to key recovery.

   The issue is CVE-2019-6486 and Go issue golang.org/issue/29903.
   See the Go issue for more details.

   To generate a diff of this commit:
   cvs rdiff -u -r1.54 -r1.55 pkgsrc/lang/go/version.mk
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/go110/distinfo

Files:
RevisionActionfile
1.53.2.1modifypkgsrc/lang/go/version.mk
1.3.2.1modifypkgsrc/lang/go110/distinfo