[SECURITY] [DLA 1840-1] golang-go.crypto security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : golang-go.crypto
Version : 0.0~hg190-1+deb8u1
CVE ID : CVE-2019-11840
A flaw was found in the amd64 implementation of salsa20. If more
than 256 GiB of keystream is generated, or if the counter otherwise
grows greater than 32 bits, the amd64 implementation will first generate
incorrect output, and then cycle back to previously generated keystream.
For Debian 8 "Jessie", this problem has been fixed in version
0.0~hg190-1+deb8u1.
obfs4proxy has been rebuilt as version 0.0.3-2+deb8u1.
We recommend that you upgrade your golang-golang-x-crypto-dev
and obfs4proxy packages, and rebuild any software using
golang-golang-x-crypto-dev.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl0ZAC4ACgkQiNJCh6LY
mLH2HA/+Ig7oPKv3/25zBz1kdC9shIP2m3p0F8JG1pvD4g2eqRs8SwKIoFvUwoJp
mUQWpHIpGepVfLnq1so/0IoN+R9NhmeH0HrDUM6K9iLN/0io5wOmG4N4U0wDVkKD
dPFGhA64zDmRxIWxP4Hhbj8Qohe/WbeM4t1l5+mbveFZHRfY7kEgEIPKAXSpVFo6
0uoDjsjWIvNkezx8+MMsLtFQ7MQIvObt8uvdV7U4+1wBC3e57wRtECoXcapNsyDv
2xcALTxLIvxORWXB7XQFV8G+kYa1qyoh/4KfQQnlQ4dZxUMUIe1o2zm4hyNTil8L
33FjtN6UjS7KfOYszLwh+JbKnkGFWRGksHb+PrAT6CpEkacRvaVgayzvBmSJ1UC/
H2hZ2wkapupX+gzTlyxMuE+gzppWYmIc9Pn8MonxWxZRFJGkMKNPho/JBCpTwwzX
PwkzYBGOl/wLiomXDNAtYn2ccfcHTqerQhZFr//7K48qvq4vdtMLVah8WWHecasc
ETGA0+Q3Blri0fX6hxIXUBNftzSFWZG8JhAS58oJTDJIUOms+VFVvwhCGRJXSq9j
Ss/JmE0IN7CHXs9ZzUgN87lz6r22GtvVEUOe7U7xSPZkNU2ytWgJZI6dHFegocgp
YGL7T08Mm8IhDqx97B/b7AaV3YHPEkriUP4tu5yGpf8GEoEjFzg=
=gixn
-----END PGP SIGNATURE-----
Reply to: