[pkg-golang-devel] Security updates for golang in jessie-backports

[Potter, Tim (HPE Linux Support)]

Hi everyone.  Here I am to make everyone's lives difficult again.  (-:

I'm chasing up some security things and noticed that there is a problem with both the
jessie and jessie-backports versions of golang.  According to the security tracker we
have five open issues applicable to jessie and I haven't taken the time to check but these
could all be applicable to the jessie-backports version.  They are marked as "vulnerable
(no DSA)" - I'm not sure why.

Does anyone have any good ideas on how to proceed?

* For jessie, look at back-porting individual fixes to the 1.3 source tree

* For jessie-backports either backport individual fixes to the 1.5 source tree, or upgrade
to the 1.6 series as testing has moved on past 1.5

It looks like some messing around may be required in git to reproduce the current
branch and tag structure which will no doubt be a bunch of fun.


Tim.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.alioth.debian.org/pipermail/pkg-golang-devel/attachments/20160831/e01df157/attachment.sig>