[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#916642: golang CVE-2019-6486 (DoS in crypto/elliptic)

Thanks for the list. Do you mind sharing how you generated it?

On Thu, Jan 24, 2019 at 3:00 PM Dr. Tobias Quathamer <toddy@debian.org> wrote:
Am 24.01.2019 um 09:12 schrieb Emilio Pozuelo Monfort:
> On 24/01/2019 08:58, Michael Stapelberg wrote:
>> Last time, pochu@ (cc'ed) helpfully scheduled binNMUs. pochu, would you be
>> able to help this time, too?
>
> Sure. Can you give me a list of source packages to binNMU in unstable? If this
> is public already, can you do that through a binNMU bug against release.debian.org?
>
> Emilio

Hi all,

there is already an outdated binNMU list as bug report available, so
I'm reusing that report. Please ignore the previously attached
binNMU list of that bug report.

This should be a complete and current list of needed binNMUs:


  nmu abci_0.0~git20170124.0.f94ae5e-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu acbuild_0.4.0+dfsg-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu acmetool_0.0.62-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu aptly_1.3.0+ds1-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu aptly-api_1.3.0+ds1-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu arduino-builder_1.3.25-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu autodeb-server_0.20.0-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu autodeb-worker_0.20.0-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu balboa_1.0-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu webext-browserpass_2.0.22-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu burrow_1.1.0-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu cadvisor_0.27.1+dfsg2-4 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu canid_0.0~git20180613.007c9af-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu certspotter_0.9-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu chasquid_0.06-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu codesearch_0.0~hg20120502-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu consul_1.0.7~dfsg1-5 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu consulfs_0.2-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu continuity_0.0~git20180216.d8fb858-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu coyim_0.3.8+ds-6 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu debiman_0.0~git20180905.9955035-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu debos_1.0.0+git20181105.b02e058-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu dh-make-golang_0.0~git20180827.d94f0cb-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu dnss_0.0~git20180721.0.2de63ab0-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu docker-registry_2.6.2~ds1-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu elvish_0.12+ds1-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu etcd-client_3.2.18+dfsg-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu etcd-server_3.2.18+dfsg-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu etcd-fs_0.0+git20140621.0.395eacb-4 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu ethflux_1.0-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu fdroidcl_0.4.0-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu fscrypt_0.2.4-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu libpam-fscrypt_0.2.4-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu git-sizer_1.2.0+dfsg-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu gitaly_0.129.0+debian-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu gitlab-runner_11.2.0+dfsg-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu gitlab-workhorse_7.6.0+debian-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu go-cve-dictionary_0.3.1-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu go-dep_0.5.0-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu go-exploitdb_0.0~git20181130.7c961e7-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu go-md2man_1.0.8+ds-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu wire_1.0~rc+git20161223.40.2f3b7aa-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu gobgpd_1.33-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu gobuster_1.4.1-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu gocode_20170907-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu gocryptfs_1.6.1-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu goiardi_0.11.8-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu go-bindata_3.0.7+git20151023.72.a0ff256-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu chroma_0.6.0-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu docker2aci_0.17.2+dfsg-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu appc-spec_0.8.11+dfsg-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu tmpl_0.0~git20160209.0.8e77bc5-5 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu genxdr_2.0.1-5 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu golang-cfssl_1.2.0+git20160825.89.7fb22c8-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu golang-redoctober_0.0~git20161017.0.78e9720-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu suffixfsm_0.0~git20150829.56e4718-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu golang-docker-credential-helpers_0.6.1-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu amber_0.0~git20171010.cdade1c-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu golang-rice_0.0~git20160123.0.0f3f5fd-4 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu fakemachine_0.0~git20181105.9316584-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu golang-github-go-debos-fakemachine-dev_0.0~git20181105.9316584-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu mockgen_1.0.0-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu gucumber_0.0~git20160715.0.71608e2-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu serf_0.8.1+git20180508.80ab4877~ds-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu protoc-gen-yarpc_0.0~git20180222.f0da2db-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu golang-easyjson_0.0~git20161103.0.159cdb8-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu mmark_1.3.6+dfsg-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu goi18n_1.10.0-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu cli-spinner_0.0~git20150423.610063b-4 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu ripper_0.0~git20150415.0.bd1a682-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu golang-github-pelletier-go-toml_1.2.0-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu peg-go_1.0.0-5 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu golang-statik_0.1.1-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu cobra_0.0.3-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu minify_2.3.8-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu msgp_1.0.2-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu golang-github-ugorji-go-codec_1.1.1-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu tar-split_0.10.2-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu lego_0.3.1-5 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu golang-github-xordataexchange-crypt_0.0.2+git20170626.21.b2862e3-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu ace_0.0.5-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu golang-glide_0.13.1-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu gogoprotobuf_1.0.0+git20180330.1ef32a8b-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu gogottrpc_0.0~git20180205.d452837-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu ebnflint_0.0~git20181112.a3060d4-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu golang-golang-x-tools_1:0.0~git20180501.d3e4ceb5+ds-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu golang-petname_2.5~git20160928-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu golang-vhost-dev_0.0~git20140120-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu golint_0.0+git20161013.3390df4-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu google-cloud-print-connector_1.12-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu gopass_1.2.0-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu gosu_1.10-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu goval-dictionary_0.1.0-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu govendor_1.0.9+ds1-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu gox_0.3.0-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu heartbleeder_0.1.1-8 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu hellfire_0.0~git20180708.bf3c390-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu influxdb_1.6.4-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu influxdb-client_1.6.4-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu irtt_0.9.0-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu jid_0.7.2-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu jp_0.1.3-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu kubernetes-client_1.7.16+dfsg-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu kubernetes-master_1.7.16+dfsg-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu kubernetes-node_1.7.16+dfsg-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu merkleeyes_0.0~git20170130.0.549dd01-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu minica_1.0-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu mongo-tools_3.4.14-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu morty_0.2.0-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu mtail_3.0.0~rc16-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu ncbi-entrez-direct_10.5.20181204+ds-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu notary_0.6.1~ds1-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu obfs4proxy_0.0.7-4 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu packer_1.3.1+dfsg-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu peco_0.5.1-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu pk4_5 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu pluginhook_0~20150216.0~a320158-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu prometheus_2.6.0+ds-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu prometheus-apache-exporter_0.5.0+ds-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu prometheus-bind-exporter_0.2~git20161221+dfsg-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu prometheus-bird-exporter_1.2.2-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu prometheus-blackbox-exporter_0.13.0+ds-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu prometheus-haproxy-exporter_0.9.0+git20180917+ds-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu prometheus-mailexporter_1.0-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu prometheus-mongodb-exporter_1.0.0+git20180522.e755a44-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu prometheus-mysqld-exporter_0.11.0+ds-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu prometheus-nginx-exporter_0.1.0-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu prometheus-nginx-vts-exporter_0.10.3+git20180501.43b4556+ds-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu prometheus-node-exporter_0.17.0+ds-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu prometheus-postgres-exporter_0.4.6+ds-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu prometheus-pushgateway_0.7.0+ds-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu prometheus-sql-exporter_0.2.0.ds-5 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu prometheus-varnish-exporter_1.2-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu pt-websocket_0.2-8 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu ratt_0.0~git20180127.c44413c-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu rawdns_1.6~ds1-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu rclone_1.45-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu reflex_0.2.0+git20181022.3df204f-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu rkt_1.30.0+dfsg-7 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu robustirc-bridge_1.8-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu runc_1.0.0~rc5+dfsg1-4 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu sia_1.3.0-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu skydns_2.5.3a+git20160623.41.00ade30-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu slinkwatch_1.0-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu slt_0.0.git20140301-4 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu stenographer_0.0~git20161206.0.66a8e7e-10 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu textql_2.0.3-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu toxiproxy_2.0.0+dfsg1-6 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu toxiproxy-cli_2.0.0+dfsg1-6 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu umoci_0.4.0+dfsg-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu webhook_2.5.0-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu winrmcp_0.0~git20170607.0.078cc0a-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu wuzz_0.3.0-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'


Regards,
Tobias



--
Best regards,
Michael
Reply to: