[pkg-golang-devel] Bug#795106: golang: CVE-2015-5739 CVE-2015-5740 CVE-2015-5741
Tianon Gravi
admwiggin at gmail.com
Wed Aug 12 04:53:47 UTC 2015
On 11 August 2015 at 21:40, Tianon Gravi <admwiggin at gmail.com> wrote:
>> Looks like we need to work on backporting three commits to 1.0.2,
>> 1.3.3, and 1.4.2:
>>
>> - https://github.com/golang/go/commit/117ddcb83d7f42d6aa72241240af99ded81118e9
>> - https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f
>> - https://github.com/golang/go/commit/143822585e32449860e624cace9d2e521deee62e
>
> Will start working on a patch we can include in 1.3.3 next.
Attached is a patch that can be included to fix 1.3.3. It _should_
differ from the patch supplied for 1.4.2 only in context -- I used Git
to cherry-pick the actual commits above (same as I did for 1.4.2), so
it's a 100% faithful representation of those commits applied against
1.3.3.
♥,
- Tianon
4096R / B42F 6819 007F 00F8 8E36 4FD4 036A 9C25 BF35 7DD4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cve-2015-5739-5740-5741.patch
Type: text/x-patch
Size: 12443 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-golang-devel/attachments/20150811/5078ffb0/attachment.bin>
More information about the pkg-golang-devel
mailing list