alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

go: 1.11.4 -> 1.11.5

Browse source 
https://groups.google.com/forum/#!msg/golang-announce/mVeX35iXuSw/Flp8FX7QEAAJ

We have just released Go 1.11.5 and Go 1.10.8 to address a recently reported security issue. We recommend that all users update to one of these releases (if you’re not sure which, choose Go 1.11.5).

This DoS vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves may let an attacker craft inputs that consume excessive amounts of CPU.

These inputs might be delivered via TLS handshakes, X.509 certificates, JWT tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private key is reused more than once, the attack can also lead to key recovery.

The issue is CVE-2019-6486 and Go issue golang.org/issue/29903. See the Go issue for more details.
This commit is contained in:
allowthere 2019-01-27 02:59:44 +00:00 committed by GitHub
parent cc74c0399e
commit d803da845f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pkgs/development/compilers/go/1.11.nix
View file

@ -29,13 +29,13 @@ in
stdenv.mkDerivation rec {
name = "go-${version}";
version = "1.11.4";
version = "1.11.5";
src = fetchFromGitHub {
owner = "golang";
repo = "go";
rev = "go${version}";
sha256 = "036nc17hffy0gcfs9j64qzwpjry65znbm4klf2h0xn81dp8d6mxk";
sha256 = "0d45057rc0bngq0nja847cagxji42qmlywr68f0dkg51im8nyr9y";
};
# perl is used for testing go vet