[Buildroot] [PATCH] go: security bump to version 1.7.4
Peter Korsgaard
peter at korsgaard.com
Mon Jan 23 22:01:39 UTC 2017
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> On Darwin, user's trust preferences for root certificates were not honored.
> If the user had a root certificate loaded in their Keychain that was
> explicitly not trusted, a Go program would still verify a connection using
> that root certificate. This is addressed by https://golang.org/cl/33721,
> tracked in https://golang.org/issue/18141. Thanks to Xy Ziemba for
> identifying and reporting this issue.
> The net/http package's Request.ParseMultipartForm method starts writing to
> temporary files once the request body size surpasses the given "maxMemory"
> limit. It was possible for an attacker to generate a multipart request
> crafted such that the server ran out of file descriptors. This is addressed
> by https://golang.org/cl/30410, tracked in https://golang.org/issue/17965.
> Thanks to Simon Rawet for the report.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list