[pkg-golang-devel] golang CVE-2019-6486 (DoS in crypto/elliptic)

Michael Stapelberg stapelberg at debian.org
Thu Jan 24 14:05:11 GMT 2019 

Thanks for the list. Do you mind sharing how you generated it?

On Thu, Jan 24, 2019 at 3:00 PM Dr. Tobias Quathamer <toddy at debian.org>
wrote:

> Am 24.01.2019 um 09:12 schrieb Emilio Pozuelo Monfort:
> > On 24/01/2019 08:58, Michael Stapelberg wrote:
> >> Last time, pochu@ (cc'ed) helpfully scheduled binNMUs. pochu, would
> you be
> >> able to help this time, too?
> >
> > Sure. Can you give me a list of source packages to binNMU in unstable?
> If this
> > is public already, can you do that through a binNMU bug against
> release.debian.org?
> >
> > Emilio
>
> Hi all,
>
> there is already an outdated binNMU list as bug report available, so
> I'm reusing that report. Please ignore the previously attached
> binNMU list of that bug report.
>
> This should be a complete and current list of needed binNMUs:
>
>
>   nmu abci_0.0~git20170124.0.f94ae5e-2 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu acbuild_0.4.0+dfsg-3 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu acmetool_0.0.62-3 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu aptly_1.3.0+ds1-2 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu aptly-api_1.3.0+ds1-2 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu arduino-builder_1.3.25-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu autodeb-server_0.20.0-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu autodeb-worker_0.20.0-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu balboa_1.0-3 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu webext-browserpass_2.0.22-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu burrow_1.1.0-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu cadvisor_0.27.1+dfsg2-4 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu canid_0.0~git20180613.007c9af-2 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu certspotter_0.9-2 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu chasquid_0.06-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu codesearch_0.0~hg20120502-3 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu consul_1.0.7~dfsg1-5 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu consulfs_0.2-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu continuity_0.0~git20180216.d8fb858-1 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu coyim_0.3.8+ds-6 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu debiman_0.0~git20180905.9955035-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu debos_1.0.0+git20181105.b02e058-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu dh-make-golang_0.0~git20180827.d94f0cb-1 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu dnss_0.0~git20180721.0.2de63ab0-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu docker-registry_2.6.2~ds1-2 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu elvish_0.12+ds1-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu etcd-client_3.2.18+dfsg-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu etcd-server_3.2.18+dfsg-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu etcd-fs_0.0+git20140621.0.395eacb-4 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu ethflux_1.0-3 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu fdroidcl_0.4.0-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu fscrypt_0.2.4-2 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu libpam-fscrypt_0.2.4-2 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu git-sizer_1.2.0+dfsg-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu gitaly_0.129.0+debian-3 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu gitlab-runner_11.2.0+dfsg-2 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu gitlab-workhorse_7.6.0+debian-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu go-cve-dictionary_0.3.1-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu go-dep_0.5.0-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu go-exploitdb_0.0~git20181130.7c961e7-1 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu go-md2man_1.0.8+ds-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu wire_1.0~rc+git20161223.40.2f3b7aa-2 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu gobgpd_1.33-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu gobuster_1.4.1-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu gocode_20170907-3 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu gocryptfs_1.6.1-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu goiardi_0.11.8-2 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu go-bindata_3.0.7+git20151023.72.a0ff256-3 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu chroma_0.6.0-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu docker2aci_0.17.2+dfsg-2 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu appc-spec_0.8.11+dfsg-2 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu tmpl_0.0~git20160209.0.8e77bc5-5 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu genxdr_2.0.1-5 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu golang-cfssl_1.2.0+git20160825.89.7fb22c8-3 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu golang-redoctober_0.0~git20161017.0.78e9720-3 . ANY . -m 'Rebuild
> with current golang-1.11 (CVE-2019-6486)'
>   nmu suffixfsm_0.0~git20150829.56e4718-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu golang-docker-credential-helpers_0.6.1-1 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu amber_0.0~git20171010.cdade1c-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu golang-rice_0.0~git20160123.0.0f3f5fd-4 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu fakemachine_0.0~git20181105.9316584-1 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu golang-github-go-debos-fakemachine-dev_0.0~git20181105.9316584-1 .
> ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
>   nmu mockgen_1.0.0-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu gucumber_0.0~git20160715.0.71608e2-1 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu serf_0.8.1+git20180508.80ab4877~ds-1 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu protoc-gen-yarpc_0.0~git20180222.f0da2db-1 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu golang-easyjson_0.0~git20161103.0.159cdb8-1 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu mmark_1.3.6+dfsg-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu goi18n_1.10.0-2 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu cli-spinner_0.0~git20150423.610063b-4 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu ripper_0.0~git20150415.0.bd1a682-3 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu golang-github-pelletier-go-toml_1.2.0-1 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu peg-go_1.0.0-5 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu golang-statik_0.1.1-3 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu cobra_0.0.3-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu minify_2.3.8-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu msgp_1.0.2-2 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu golang-github-ugorji-go-codec_1.1.1-1 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu tar-split_0.10.2-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu lego_0.3.1-5 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu golang-github-xordataexchange-crypt_0.0.2+git20170626.21.b2862e3-2 .
> ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
>   nmu ace_0.0.5-3 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu golang-glide_0.13.1-3 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu gogoprotobuf_1.0.0+git20180330.1ef32a8b-1 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu gogottrpc_0.0~git20180205.d452837-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu ebnflint_0.0~git20181112.a3060d4-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu golang-golang-x-tools_1:0.0~git20180501.d3e4ceb5+ds-1 . ANY . -m
> 'Rebuild with current golang-1.11 (CVE-2019-6486)'
>   nmu golang-petname_2.5~git20160928-3 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu golang-vhost-dev_0.0~git20140120-2 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu golint_0.0+git20161013.3390df4-2 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu google-cloud-print-connector_1.12-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu gopass_1.2.0-2 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu gosu_1.10-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu goval-dictionary_0.1.0-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu govendor_1.0.9+ds1-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu gox_0.3.0-3 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu heartbleeder_0.1.1-8 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu hellfire_0.0~git20180708.bf3c390-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu influxdb_1.6.4-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu influxdb-client_1.6.4-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu irtt_0.9.0-2 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu jid_0.7.2-3 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu jp_0.1.3-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu kubernetes-client_1.7.16+dfsg-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu kubernetes-master_1.7.16+dfsg-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu kubernetes-node_1.7.16+dfsg-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu merkleeyes_0.0~git20170130.0.549dd01-1 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu minica_1.0-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu mongo-tools_3.4.14-3 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu morty_0.2.0-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu mtail_3.0.0~rc16-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu ncbi-entrez-direct_10.5.20181204+ds-2 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu notary_0.6.1~ds1-2 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu obfs4proxy_0.0.7-4 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu packer_1.3.1+dfsg-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu peco_0.5.1-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu pk4_5 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
>   nmu pluginhook_0~20150216.0~a320158-2 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu prometheus_2.6.0+ds-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu prometheus-apache-exporter_0.5.0+ds-2 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu prometheus-bind-exporter_0.2~git20161221+dfsg-3 . ANY . -m 'Rebuild
> with current golang-1.11 (CVE-2019-6486)'
>   nmu prometheus-bird-exporter_1.2.2-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu prometheus-blackbox-exporter_0.13.0+ds-1 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu prometheus-haproxy-exporter_0.9.0+git20180917+ds-1 . ANY . -m
> 'Rebuild with current golang-1.11 (CVE-2019-6486)'
>   nmu prometheus-mailexporter_1.0-2 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu prometheus-mongodb-exporter_1.0.0+git20180522.e755a44-1 . ANY . -m
> 'Rebuild with current golang-1.11 (CVE-2019-6486)'
>   nmu prometheus-mysqld-exporter_0.11.0+ds-1 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu prometheus-nginx-exporter_0.1.0-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu prometheus-nginx-vts-exporter_0.10.3+git20180501.43b4556+ds-1 . ANY
> . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
>   nmu prometheus-node-exporter_0.17.0+ds-2 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu prometheus-postgres-exporter_0.4.6+ds-2 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu prometheus-pushgateway_0.7.0+ds-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu prometheus-sql-exporter_0.2.0.ds-5 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu prometheus-varnish-exporter_1.2-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu pt-websocket_0.2-8 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu ratt_0.0~git20180127.c44413c-2 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu rawdns_1.6~ds1-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu rclone_1.45-2 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu reflex_0.2.0+git20181022.3df204f-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu rkt_1.30.0+dfsg-7 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu robustirc-bridge_1.8-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu runc_1.0.0~rc5+dfsg1-4 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu sia_1.3.0-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu skydns_2.5.3a+git20160623.41.00ade30-2 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu slinkwatch_1.0-2 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu slt_0.0.git20140301-4 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu stenographer_0.0~git20161206.0.66a8e7e-10 . ANY . -m 'Rebuild with
> current golang-1.11 (CVE-2019-6486)'
>   nmu textql_2.0.3-3 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu toxiproxy_2.0.0+dfsg1-6 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu toxiproxy-cli_2.0.0+dfsg1-6 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu umoci_0.4.0+dfsg-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu webhook_2.5.0-2 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>   nmu winrmcp_0.0~git20170607.0.078cc0a-1 . ANY . -m 'Rebuild with current
> golang-1.11 (CVE-2019-6486)'
>   nmu wuzz_0.3.0-1 . ANY . -m 'Rebuild with current golang-1.11
> (CVE-2019-6486)'
>
>
> Regards,
> Tobias
>
>

-- 
Best regards,
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-golang-devel/attachments/20190124/74bdbdec/attachment-0001.html>

More information about the pkg-golang-devel mailing list