Re: [SECURITY] [DLA 1664-1] golang security update
On 2019-02-06 22:17:26, Chris Lamb wrote:
> It was discovered that there was a denial of service vulnerability
> or possibly even the ability to conduct private key recovery
> attacks within in the elliptic curve cryptography handling in the
> Go programming language libraries.
Have you given any thought to the impact this could have on the
build-dependencies that might be affected by this vulnerability? As you
probably know, all golang Debian packages are (as elsewhere) statically
compiled and linked so we'd need to rebuild all the rdeps to have this
properly fixed in the dependencies...
Si Dieu est, l'homme est esclave ;
or l'homme peut, doit être libre, donc Dieu n'existe pas.
Et si Dieu existait, il faudrait s'en débarrasser!
- Michel Bakounine