From ${URL} : It was found that user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate. Upstream bug: https://github.com/golang/go/issues/18141 Upstream patch: https://go-review.googlesource.com/#/c/33721/ External Reference: https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
I have stabilized 1.7.4 on amd64. Arch teams, please stabilize dev-lang/go-1.7.4 on arm and x86. Thanks. William
x86 stable
arm stable, all arches done.
GLSA Vote: No @ Maintainer(s): Please cleanup <dev-lang/go-1.7.4!
The cleanup is done.