[SECURITY] [DLA 1664-1] golang security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1664-1] golang security update
From: Chris Lamb <lamby@debian.org>
Date: Wed, 06 Feb 2019 22:17:26 +0100
Message-id: <[🔎] 1549487846.1383386.1652418456.3E7F3504@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : golang
Version        : 2:1.3.3-1+deb8u1
CVE ID         : CVE-2019-6486
Debian Bug     : #920548

It was discovered that there was a denial of service vulnerability
or possibly even the ability to conduct private key recovery
attacks within in the elliptic curve cryptography handling in the
Go programming language libraries.

For Debian 8 "Jessie", this issue has been fixed in golang version
2:1.3.3-1+deb8u1.

We recommend that you upgrade your golang packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlxbTuAACgkQHpU+J9Qx
Hljvxw/+P54nX9e5CjJgk72BgyNL1FQf3WGxYqzfUfB3M+5LgsRP+B1Vm1qZ71cr
uFv5SDRZvKvGgVByy1/doYLnXCE8Gj2KUuKdsH0Z253aP30ITlqhv9dRnig437Qx
4d5GPpfJq2izganGfjgh07X3DebbJE1LLz993OQI+rPhxI9xJkF1Va3EFx2bUjKF
f1Zbk1siHAEUp9LYM3BIUqvbVDXjXsdvU4L6P9fgSXN1q6Ow1hxmQg2ror/q/UOw
Az6Uv2ydgodsp8ViKpXWIoIpFIJi/MpeWSi6vcd6pFpgR7uBxuxvd30qqlJYDM7J
D7Wyw8zg+P3/BRZ5Uz59/8/5leii+Sw2onMifF7UgIx9Y3xVBO3AJvks7LwRbT4y
TWe04iIQwEERehmQ8/x5mDYq8efR1BGkRWxIhIsDZKq+pd3l/DSMrif6dFObL5F9
tg8BV6bDZh79DiHmzVTIgMhsW33Af63XKJgp2KstH0Hsc0sfXJe24ZthfxYetJMf
xrEpK3gCy5AP/BOY9fKb/J7xEb25PpGUfIlOMzxf9W4v4O29aTHBLokFydBeRUG1
mrqALxWk1ht7ZrkcecczR8Hm2+7FC8NtWevVdR/r4HsnUhIhujr0R+GMz7j2imOv
HfuL/xnU67OCERw0WDiVW8Z2HbAnOP6J0Ru8BH4m737WodRjG/w=
=vynA
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1662-1] libthrift-java security update
Next by Date: [SECURITY] [DLA 1665-1] netmask security update
Previous by thread: [SECURITY] [DLA 1662-1] libthrift-java security update
Next by thread: [SECURITY] [DLA 1665-1] netmask security update
Index(es):
- Date
- Thread