| Summary: | <dev-lang/go-1.8.3: Elliptic curves carry propagation issue in x86-64 P-256 | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | williamh |
| Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1455189 | ||
| Whiteboard: | B3 [noglsa cve] | ||
| Package list: |
dev-lang/go-1.8.3
|
Runtime testing required: | --- |
I am waiting for the upstream tarball for go-1.8.3. @security: I have added go-1.8.3 to the tree and stabilized on amd64. Arm and x86 teams, please stabilize. @ Arches, please test and mark stable: =dev-lang/go-1.8.3 x86 stable arm stable, all arches done. GLSA Vote: No @ Maintainer(s): Please cleanup and drop =dev-lang/go-1.8.1! Go-1.8.1 has been removed. Repository is clean, all done. @ Arches and Maintainer(s): Thank you for your work. |
From ${URL} : A carry propagation issue was found in the P-256 implementation for x86-64 in golang. Upstream issue: https://github.com/golang/go/issues/20040 Upstream patch: https://golang.org/cl/41070 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.