Summary: | <dev-lang/go-{1.15.14,1.16.6}: Denial of service in crypto/tls (CVE-2021-34558) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | williamh |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa+] | ||
Package list: |
dev-lang/go-1.15.14
dev-lang/go-1.16.6
|
Runtime testing required: | --- |
Description
Sam James
![]() ![]() ![]() ![]() The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be5ded95d291316974a51edb76f2bfa42a642b55 commit be5ded95d291316974a51edb76f2bfa42a642b55 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2021-07-15 18:26:00 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2021-07-15 18:29:47 +0000 dev-lang/go: 1.15.14 and 1.16.6 security bump Tests passed on amd64, so I'm stabilizing. Bug: https://bugs.gentoo.org/802054 Signed-off-by: William Hubbs <williamh@gentoo.org> dev-lang/go/Manifest | 2 + dev-lang/go/go-1.15.14.ebuild | 189 ++++++++++++++++++++++++++++++++++++++++++ dev-lang/go/go-1.16.6.ebuild | 189 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 380 insertions(+) Please go ahead with stabilization. Tests passed here so I stabilized on amd64. Thanks, William Thanks! x86 stable arm done arm64 done ppc64 done last arch, please cleanup The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4eae5881b582037bef7f6fcb52295f67b0fcf3c commit b4eae5881b582037bef7f6fcb52295f67b0fcf3c Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2021-07-26 02:38:44 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2021-07-26 02:41:55 +0000 dev-lang/go: Remove 1.15.13 and 1.16.5 Bug: https://bugs.gentoo.org/802054 Package-Manager: Portage-3.0.20, Repoman-3.0.2 Signed-off-by: William Hubbs <williamh@gentoo.org> dev-lang/go/Manifest | 2 - dev-lang/go/go-1.15.13.ebuild | 189 ------------------------------------------ dev-lang/go/go-1.16.5.ebuild | 189 ------------------------------------------ 3 files changed, 380 deletions(-) Unable to check for sanity:
> no match for package: dev-lang/go-1.15.14
The oldest version of go in the tree is 1.17.5. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=3cb3a96a3023359a20f60ec1f45f10c1fc4012ca commit 3cb3a96a3023359a20f60ec1f45f10c1fc4012ca Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-04 13:53:02 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-04 13:59:34 +0000 [ GLSA 202208-02 ] Go: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/754210 Bug: https://bugs.gentoo.org/766216 Bug: https://bugs.gentoo.org/775326 Bug: https://bugs.gentoo.org/788640 Bug: https://bugs.gentoo.org/794784 Bug: https://bugs.gentoo.org/802054 Bug: https://bugs.gentoo.org/806659 Bug: https://bugs.gentoo.org/807049 Bug: https://bugs.gentoo.org/816912 Bug: https://bugs.gentoo.org/821859 Bug: https://bugs.gentoo.org/828655 Bug: https://bugs.gentoo.org/833156 Bug: https://bugs.gentoo.org/834635 Bug: https://bugs.gentoo.org/838130 Bug: https://bugs.gentoo.org/843644 Bug: https://bugs.gentoo.org/849290 Bug: https://bugs.gentoo.org/857822 Bug: https://bugs.gentoo.org/862822 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202208-02.xml | 101 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 101 insertions(+) GLSA released, all done! |