[pkg-golang-devel] Bug#795106: golang: CVE-2015-5739 CVE-2015-5740 CVE-2015-5741

Tianon Gravi admwiggin at gmail.com
Mon Sep 14 15:46:23 UTC 2015

On 14 September 2015 at 08:42, Salvatore Bonaccorso <carnil at debian.org> wrote:
> Can you fix this in unstable? For jessie: I guess these can be
> considered low severity and don't need to be updated through a DSA.
> Can you contact the release team to update it via a spu?

Sure, fixing in unstable's pretty easy. :)

I'm also a DD now, so if there's more process you'd like me to follow
on top of that, I'm happy to give it a shot, but I'll need a little
guidance. :)

> Btw, am I correct that as well reverse dependecies of golang (using
> net/http part) now would need a rebuild once these issues are fixed?

Yeah, that's correct, but only technically rev-deps that aren't
arch:all (since those are the -dev deps that only contain source).

- Tianon
  4096R / B42F 6819 007F 00F8 8E36  4FD4 036A 9C25 BF35 7DD4

More information about the pkg-golang-devel mailing list