[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DLA 1664-1] golang security update

On 2019-02-06 22:17:26, Chris Lamb wrote:
> It was discovered that there was a denial of service vulnerability
> or possibly even the ability to conduct private key recovery
> attacks within in the elliptic curve cryptography handling in the
> Go programming language libraries.

Hello Chris!

Have you given any thought to the impact this could have on the
build-dependencies that might be affected by this vulnerability? As you
probably know, all golang Debian packages are (as elsewhere) statically
compiled and linked so we'd need to rebuild all the rdeps to have this
properly fixed in the dependencies...


Si Dieu est, l'homme est esclave ; 
or l'homme peut, doit être libre, donc Dieu n'existe pas.
Et si Dieu existait, il faudrait s'en débarrasser!
                        - Michel Bakounine

Reply to: