[pkg-golang-devel] Bug#795106: golang: CVE-2015-5739 CVE-2015-5740 CVE-2015-5741

Tianon Gravi admwiggin at gmail.com
Mon Aug 10 23:04:28 UTC 2015


On 10 August 2015 at 09:45, Salvatore Bonaccorso <carnil at debian.org> wrote:
> See https://marc.info/?l=oss-security&m=143885136906807&w=2  for the
> CVE assignments for the issues.

Looks like we need to work on backporting three commits to 1.0.2,
1.3.3, and 1.4.2:

- https://github.com/golang/go/commit/117ddcb83d7f42d6aa72241240af99ded81118e9
- https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f
- https://github.com/golang/go/commit/143822585e32449860e624cace9d2e521deee62e

I foolishly started my attempts with 1.0.2 so I'm not making a lot of
progress.  I'd imagine the patches will be simpler to apply to 1.4.2
first (since it's much more recent and should have a more familiar
codebase to what the patches are expecting).

♥,
- Tianon
  4096R / B42F 6819 007F 00F8 8E36  4FD4 036A 9C25 BF35 7DD4


