[pkg-golang-devel] Bug#820369: Bug#820369: golang: CVE-2016-3959: infinite loop in several big integer routines

Tianon Gravi tianon at debian.org
Wed Apr 13 06:26:08 UTC 2016

found 820369 golang/2:1.3.3-1

On 8 April 2016 at 09:25, Tianon Gravi <tianon at debian.org> wrote:
> (Go 1.5.4 and Go 1.6.1 will be released on Wednesday April 13 at
> approximately 2am UTC)

I've uploaded 1.6.1 to unstable, but attached is a patch which appears
to apply cleanly against jessie's 1.3.3 (only modified paths for src/
-> src/pkg/ from the patch that was applied via CL upstream).

- Tianon
  4096R / B42F 6819 007F 00F8 8E36  4FD4 036A 9C25 BF35 7DD4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cl-21533--cve-2016-3959.patch
Type: text/x-patch
Size: 1065 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-golang-devel/attachments/20160412/8307c20a/attachment.bin>

More information about the pkg-golang-devel mailing list