From ${URL} : Carry propagation in Int.Exp Montgomery function was found in golang's math/big library, similar to CVE-2015-3193. This issue was introduced in the 1.5 release and remains present in 1.5.1 and 1.5.2. Upstream patch: https://go-review.googlesource.com/#/c/17672/ CVE request: http://seclists.org/oss-sec/2015/q4/550 @maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
fixed in 1.5.3
The affected version (1.5.1-r1) is removed.
no vulnerable versions in tree.