Subject: CVS commit: pkgsrc/lang
From: Benny Siegert
Date: 2023-03-08 14:14:59
Message id: 20230308131459.38FACFA90@cvs.NetBSD.org

Log Message:
go119: update to 1.19.7

This minor release includes 1 security fix following the security policy:

crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an
incorrect result if called with some specific unreduced scalars (a scalar larger
than the order of the curve).

This does not impact usages of crypto/ecdsa or crypto/ecdh.

Thanks to Guido Vranken for repoting this issue via the Ethereum Foundation bug
bounty program.

This is CVE-2023-24532 and Go issue https://go.dev/issue/58647.

Files:
RevisionActionfile
1.175modifypkgsrc/lang/go/version.mk
1.9modifypkgsrc/lang/go119/distinfo