[pkg-golang-devel] Bug#795106: golang: CVE-2015-5739 CVE-2015-5740 CVE-2015-5741

Salvatore Bonaccorso carnil at debian.org
Mon Sep 14 15:42:13 UTC 2015

Hi Tianon, hi Paul

Apologies for not having replied earlier; this somehow fell through
the cracks.

On Tue, Aug 11, 2015 at 10:35:02PM -0700, Tianon Gravi wrote:
> On 11 August 2015 at 22:22, Tianon Gravi <admwiggin at gmail.com> wrote:
> > I haven't been able to verify proper compilation with this one yet, however.  That's my next goal.
> Ok, all patches have been tested and confirmed to apply properly and
> build properly against the relevant versions of src:golang if dropped
> in debian/patches/ and referenced from debian/patches/series
> appropriately. :)
> What are the next steps here?  I'm still only a DM, so I don't think I
> can make the relevant uploads myself (unless DMUA works for security
> uploads too?), but I'm happy to stage everything in Git/elsewhere if
> that'd be helpful!

Can you fix this in unstable? For jessie: I guess these can be
considered low severity and don't need to be updated through a DSA.
Can you contact the release team to update it via a spu?

Btw, am I correct that reverse dependencies of golang (using the
net/http part) would now need a rebuild as well once these issues are fixed?

