[Buildroot] [PATCH] go: security bump to version 1.7.4

Peter Korsgaard peter at korsgaard.com
Mon Jan 23 22:01:39 UTC 2017


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > On Darwin, user's trust preferences for root certificates were not honored.
 > If the user had a root certificate loaded in their Keychain that was
 > explicitly not trusted, a Go program would still verify a connection using
 > that root certificate.  This is addressed by https://golang.org/cl/33721,
 > tracked in https://golang.org/issue/18141.  Thanks to Xy Ziemba for
 > identifying and reporting this issue.

 > The net/http package's Request.ParseMultipartForm method starts writing to
 > temporary files once the request body size surpasses the given "maxMemory"
 > limit.  It was possible for an attacker to generate a multipart request
 > crafted such that the server ran out of file descriptors.  This is addressed
 > by https://golang.org/cl/30410, tracked in https://golang.org/issue/17965.
 > Thanks to Simon Rawet for the report.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list