Subject: CVS commit: pkgsrc/lang/go
From: Benny Siegert
Date: 2015-12-22 21:44:40
Message id: 20151222204440.79E98FBA3@cvs.NetBSD.org

Log Message:
Pull in https://golang.org/cl/17672, "math/big: fix carry propagation in
Int.Exp Montgomery code", to fix CVE-2015-8618.

From the oss-security posting that asked for a CVE:

"The Go open source project has received notification of an error in the
math/big library (https://golang.org/pkg/math/big/). The problem that was
identified is similar to CVE-2015-3193
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193>. The
vulnerability was introduced in the 1.5 release, and remains present in Go
1.5.1 and 1.5.2.

"A fix for the issue has been applied to the master branch of the Go repo
under CL 17672 <https://go-review.googlesource.com/#/c/17672/>. We will
also be releasing Go 1.5.3 to fix this vulnerability."

ok wiz@

Files:
Revision  Action  File
1.36      modify  pkgsrc/lang/go/Makefile
1.30      modify  pkgsrc/lang/go/distinfo
1.2       modify  pkgsrc/lang/go/patches/patch-lib_time_update.bash
1.1       add     pkgsrc/lang/go/patches/patch-src_math_big_nat.go
1.1       add     pkgsrc/lang/go/patches/patch-src_math_big_nat_test.go