Re: golang-go.crypto / CVE-2019-11841
Brian May <email@example.com> writes:
> Brian May <firstname.lastname@example.org> writes:
>> All of the distributions fail (as in the last two tests pass when they
>> should now), but bullseye at least fixes one of the failures. So it
>> looks like this was incorrectly marked as fixed (note bulleye and sid
>> have the same version of this package).
> I filled an upstream bug report:
Upstream responded with "That's intentional and documented in the
package and in the commit message you link to. The hash header value has
no security purposes."
I am not convinced this is the case. I have responded.
Brian May <email@example.com>