Bug#916642: golang CVE-2019-6486 (DoS in crypto/elliptic)
- To: "Dr. Tobias Quathamer" <toddy@debian.org>, 916642@bugs.debian.org
- Cc: Emilio Pozuelo Monfort <pochu@debian.org>, Michael Stapelberg <stapelberg@debian.org>, security@debian.org, Michael Hudson-Doyle <mwhudson@debian.org>, Tianon Gravi <tianon@debian.org>, Paul Tagliamonte <paultag@debian.org>, Martín Ferrari <tincho@debian.org>, pkg-golang-devel@alioth-lists.debian.net
- Subject: Bug#916642: golang CVE-2019-6486 (DoS in crypto/elliptic)
- From: James McCoy <jamessan@debian.org>
- Date: Fri, 25 Jan 2019 08:23:52 -0500
- Message-id: <[🔎] 20190125132352.xja2d6fr56po4bhy@odin.jamessan.com>
- Reply-to: James McCoy <jamessan@debian.org>, 916642@bugs.debian.org
- In-reply-to: <[🔎] 6298848d-71ae-814d-44c1-ab7ab812c07d@debian.org>
- References: <CANnVG6m=w=j0NNmMtJmRvFVZUhcXSC_xSG9-SsETpsLaN7771w@mail.gmail.com> <084921f6-a280-b411-ee67-c7ff4b44ff69@debian.org> <26640389-7e72-572a-e4a8-076d678eb01f@debian.org> <[🔎] 6298848d-71ae-814d-44c1-ab7ab812c07d@debian.org> <26640389-7e72-572a-e4a8-076d678eb01f@debian.org>
On Thu, Jan 24, 2019 at 03:00:22PM +0100, Dr. Tobias Quathamer wrote:
> Am 24.01.2019 um 09:12 schrieb Emilio Pozuelo Monfort:
> > On 24/01/2019 08:58, Michael Stapelberg wrote:
> >> Last time, pochu@ (cc'ed) helpfully scheduled binNMUs. pochu, would you be
> >> able to help this time, too?
> >
> > Sure. Can you give me a list of source packages to binNMU in unstable? If this
> > is public already, can you do that through a binNMU bug against release.debian.org?
> >
> > Emilio
>
> Hi all,
>
> there is already an outdated binNMU list as bug report available, so
> I'm reusing that report. Please ignore the previously attached
> binNMU list of that bug report.
>
> This should be a complete and current list of needed binNMUs:
>
>
> [‥]
> nmu serf_0.8.1+git20180508.80ab4877~ds-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
This is a (common) mistake. src:serf does not use golang.
src:golang-github-hashicorp-serf is the golang package, which producees
bin:serf, however I just saw that src:serf was binNMUed.
Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Reply to: