
Re: [SECURITY] [DLA 1664-1] golang security update



On 2019-02-06 22:17:26, Chris Lamb wrote:
> It was discovered that there was a denial of service vulnerability
> or possibly even the ability to conduct private key recovery
> attacks within the elliptic curve cryptography handling in the
> Go programming language libraries.

Hello Chris!

Have you given any thought to the impact this could have on the
build-dependencies that might be affected by this vulnerability? As you
probably know, all golang Debian packages are (as elsewhere) statically
compiled and linked so we'd need to rebuild all the rdeps to have this
properly fixed in the dependencies...

A.

-- 
If God is, man is a slave;
but man can, must be free, therefore God does not exist.
And if God existed, it would be necessary to get rid of him!
                        - Michel Bakounine
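
The rebuild question raised above, as an added example that is not part of the original message: a sketch that scans a Debian Packages index for statically linked packages whose `Built-Using` field names a Go toolchain other than the fixed one. It assumes the affected packages record the toolchain in `Built-Using`; the package names and version strings are constructed placeholders, and `needs_rebuild` is a hypothetical helper.

```python
import re

# Constructed sample in the format of a Debian Packages index (deb822 stanzas).
# Package names and versions are placeholders, not real archive data.
SAMPLE_PACKAGES = """\
Package: example-go-tool
Version: 1.0-1
Built-Using: golang (= 2:1.0-placeholder-old), golang-example-lib (= 0.1-1)

Package: example-go-daemon
Version: 2.3-4
Built-Using: golang-example-lib (= 0.1-1),
 golang (= 2:1.0-placeholder-fixed)

Package: example-c-tool
Version: 0.9-1
Depends: libc6
"""

# Toolchain source packages: "golang" or a versioned "golang-1.N".
TOOLCHAIN = re.compile(r"^golang(-\d+\.\d+)?$")
# One Built-Using entry: "source (= version)".
ENTRY = re.compile(r"^(\S+)\s*\(=\s*(\S+)\)$")

def parse_stanzas(text):
    """Yield each stanza as a dict, joining folded continuation lines."""
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, key = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and key:
                fields[key] += " " + line.strip()
            elif ":" in line:
                key, value = line.split(":", 1)
                fields[key] = value.strip()
        yield fields

def needs_rebuild(text, fixed_version):
    """Return (package, toolchain version) pairs not built with fixed_version.

    Simplification: any version that is not exactly fixed_version is flagged;
    no Debian version ordering is attempted.
    """
    stale = []
    for st in parse_stanzas(text):
        for item in st.get("Built-Using", "").split(","):
            m = ENTRY.match(item.strip())
            if m and TOOLCHAIN.match(m.group(1)) and m.group(2) != fixed_version:
                stale.append((st["Package"], m.group(2)))
    return sorted(stale)

if __name__ == "__main__":
    for name, ver in needs_rebuild(SAMPLE_PACKAGES, "2:1.0-placeholder-fixed"):
        print(f"{name}: built with golang {ver}, rebuild needed")
```
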

