[pkg-golang-devel] Bug#795106: golang: CVE-2015-5739 CVE-2015-5740 CVE-2015-5741
Tianon Gravi
admwiggin at gmail.com
Mon Sep 14 15:46:23 UTC 2015
On 14 September 2015 at 08:42, Salvatore Bonaccorso <carnil at debian.org> wrote:
> Can you fix this in unstable? For jessie: I guess these can be
> considered low severity and don't need to be updated through a DSA.
> Can you contact the release team to update it via a spu?
Sure, fixing in unstable's pretty easy. :)
I'm also a DD now, so if there's more process you'd like me to follow
on top of that, I'm happy to give it a shot, but I'll need a little
guidance. :)
> Btw, am I correct that as well reverse dependecies of golang (using
> net/http part) now would need a rebuild once these issues are fixed?
Yeah, that's correct, but only technically rev-deps that aren't
arch:all (since those are the -dev deps that only contain source).
♥,
- Tianon
4096R / B42F 6819 007F 00F8 8E36 4FD4 036A 9C25 BF35 7DD4
More information about the pkg-golang-devel
mailing list