[pkg-go] Bug#859655: golang-go.crypto: CVE-2017-3204

anarcat anarcat at debian.org
Fri Apr 14 19:07:02 UTC 2017

Control: user -1 debian-release at lists.debian.org
Control: usertags -1 bsp-2017-04-ca-montreal
Control: tags -1 +patch

I looked into this during the Montreal BSP, and it's unclear what we
should do here, considering there has been multiple new uploads since
the stretch freeze. 

The patch is pretty long:


... and there's no way to just backport it into stretch at this point

So I'm wondering if the next step here would not just be to ask for an
exception to unblock this for stretch, or just tell the release team to
just ignore this and drop the package from stretch.

Let me know,


Celui qui ne connaît pas l'histoire est condamné à la revivre.
                        - Karl Marx

More information about the Pkg-go-maintainers mailing list