[pkg-golang-devel] golang CVE-2019-6486 (DoS in crypto/elliptic)

Dr. Tobias Quathamer toddy at debian.org
Thu Jan 24 14:07:11 GMT 2019 

Am 24.01.2019 um 15:00 schrieb Dr. Tobias Quathamer:
> This should be a complete and current list of needed binNMUs:

Well, almost ... :-)

Please add these packages to the list as well:


  nmu amazon-ecr-credential-helper_0.2.0-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu cloudsql-proxy_1.13-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu dnscrypt-proxy_2.0.19+ds1-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu docker.io_18.06.1+dfsg1-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu fever_1.0.3-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu fzf_0.17.5-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu git-lfs_2.6.1-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu gokey_0.0~git20190103.40eba7e-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu golang-github-dcso-bloom-cli_0.2.3-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu golang-grpc-gateway_1.6.4-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu gotail_1.0.0+git20180327.c434825-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu golang-github-sebest-xff_0.0~git20160910.6c115e0-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu golang-goprotobuf-dev_1.2.0-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu gost_0.1.0+git20181204.5afeda5e-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu gron_0.6.0-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu hub_2.7.0~ds1-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu hugo_0.53-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu kcptun_20190109+ds-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu mender-client_1.7.0-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu nomad_0.8.7+dfsg1-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu prometheus-alertmanager_0.15.3+ds-2 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu prometheus-process-exporter_0.4.0+ds-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu prometheus-snmp-exporter_0.14.0+ds-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu restic_0.9.4+ds-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu snapd_2.37-3 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu syncthing_1.0.0~ds1-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu syncthing-discosrv_1.0.0~ds1-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu syncthing-relaysrv_1.0.0~ds1-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'
  nmu vuls_0.6.1-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)'


Regards,
Tobias

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-golang-devel/attachments/20190124/8a14fb6a/attachment.sig>

More information about the pkg-golang-devel mailing list