[Buildroot] [PATCH] package/go: security bump to version 1.13.3

Anisse Astier anisse at astier.eu
Sun Oct 27 21:31:19 UTC 2019


Le dim. 27 oct. 2019 à 22:27, Peter Korsgaard <peter at korsgaard.com> a
écrit :

> Fixes the following security issues (1.33.2):
>
> - CVE-2019-17596: Invalid DSA public keys can cause a panic in dsa.Verify.
>   In particular, using crypto/x509.Verify on a crafted X.509 certificate
>   chain can lead to a panic, even if the certificates don’t chain to a
>   trusted root.  The chain can be delivered via a crypto/tls connection to
> a
>   client, or to a server that accepts and verifies client certificates.
>   net/http clients can be made to crash by an HTTPS server, while net/http
>   servers that accept client certificates will recover the panic and are
>   unaffected.
>
> Additionally, 1.13.3 fixes a number of issues. From the release notes:
>
> Fixes to the go command, the toolchain, the runtime, syscall, net,
> net/http,
> and crypto/ecdsa packages
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
>

Thanks Peter,

Anisse
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20191027/c7e502bb/attachment-0002.html>


More information about the buildroot mailing list