Re: golang-go.crypto / CVE-2019-11841
On Fri, Oct 09, 2020 at 12:17:26PM +0200, Emilio Pozuelo Monfort wrote:
> On 09/10/2020 00:23, Brian May wrote:
> > We probably need someway of keeping track of what packages have already
> > been looked at and their status with respect to this rebuild. Not really
> > convinced data/dla-needed.txt is up to this task.
>
> I would look for an automated way to do this. E.g. by downloading and
> inspecting the binaries to see if they have the affected code.
>
> I think Adrian handled a go update and its rdeps in the past. Adding him to
> Cc in case he has any ideas.
>...
I went manually through the rdeps, and claimed only Go packages with
few redps needing rebuilding.
So sorry, no easy ideas from me.
> Cheers,
> Emilio
cu
Adrian
Reply to: