Path to this page:
Subject: CVS commit: pkgsrc/lang
From: Benny Siegert
Date: 2025-02-07 11:17:49
Message id: 20250207101749.D5C6CFBE0@cvs.NetBSD.org
Log Message:
Update go122 to 1.22.12 and go123 to 1.23.6.
This is a security update but it only applies on the ppc64le platform.
These minor releases include 1 security fix following the security policy:
- crypto/elliptic: timing sidechannel for P-256 on ppc64le
Due to the usage of a variable time instruction in the assembly
implementation of an internal function, a small number of bits of secret
scalars are leaked on the ppc64le architecture. Due to the way this
function is used, we do not believe this leakage is enough to allow
recovery of the private key when P-256 is used in any well known
protocols.
This is CVE-2025-22866 and Go issue https://go.dev/issue/71383.
Files: