Your message dated Wed, 13 Apr 2016 06:19:01 +0000
with message-id <[email protected]>
and subject line Bug#820369: fixed in golang 2:1.6.1-1
has caused the Debian Bug report #820369,
regarding golang: CVE-2016-3959: infinite loop in several big integer routines
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
820369: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820369
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: golang
Version: 2:1.6-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for golang.
CVE-2016-3959[0]:
infinite loop in several big integer routines
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-3959
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1324343
[2] https://go-review.googlesource.com/#/c/21533/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: golang
Source-Version: 2:1.6.1-1
We believe that the bug you reported is fixed in the latest version of
golang, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tianon Gravi <[email protected]> (supplier of updated golang package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 12 Apr 2016 23:06:43 -0700
Source: golang
Binary: golang-go golang-src golang-doc golang
Architecture: source
Version: 2:1.6.1-1
Distribution: unstable
Urgency: medium
Maintainer: Go Compiler Team <[email protected]>
Changed-By: Tianon Gravi <[email protected]>
Description:
golang - Go programming language compiler - metapackage
golang-doc - Go programming language - documentation
golang-go - Go programming language compiler, linker, compiled stdlib
golang-src - Go programming language - source files
Closes: 820369
Changes:
golang (2:1.6.1-1) unstable; urgency=medium
.
[ Michael Hudson-Doyle ]
* Breaks/Replaces: older golang-golang-x-tools, not Conflicts, to ensure
smooth upgrades.
* Strip the binaries as it has worked for the last five years or so and
upstream sees no reason to disable it.
.
[ Tianon Gravi ]
* Update to 1.6.1 upstream release (Closes: #820369)
- Fix CVE-2016-3959: infinite loop in several big integer routines
Checksums-Sha1:
cdadf0d83746b2a52b4c3d80bb0f258b0c69abb5 2270 golang_1.6.1-1.dsc
aa8f912f2534c8faa5c5b6d278e7cb3a4f4d238c 12615799 golang_1.6.1.orig.tar.gz
200f1c4387d76f5e6e006d68e821290426443a32 37540 golang_1.6.1-1.debian.tar.xz
Checksums-Sha256:
14d60b335f73e59513652c1af470cb4534459971166868eb2a8a143cd78d076b 2270
golang_1.6.1-1.dsc
1d4b53cdee51b2298afcf50926a7fa44b286f0bf24ff8323ce690a66daa7193f 12615799
golang_1.6.1.orig.tar.gz
b18bfd4435e831b27a79b2e056faf609a8d23528225bebcb8bea5cb039de393d 37540
golang_1.6.1-1.debian.tar.xz
Files:
d54e58d6e94ff7e93ca3749d10c9ab21 2270 devel optional golang_1.6.1-1.dsc
29e1b0369825a56d79f6bd4eb29b0864 12615799 devel optional
golang_1.6.1.orig.tar.gz
57db61152624817c1ea55eb347234271 37540 devel optional
golang_1.6.1-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJXDeJSAAoJEANqnCW/NX3UBzAP/iUpHr9swkYBnkoTZGavaKOs
Z8hC0GwTUZR+6XticZak3vzJW7evT/BVvBqPFGuEkWzMLk6ktjJndizWDhDSDqgi
+ubidlzhx8LRtt5nOLDZAo8YLzyoJSKAcSeJa75KkAYU7NRK0CfwmPy3kVt4IY8T
CWFbI0jRZ7RtWXpdz0G5FofZ/ES7ziiV/5k+GLwhG0/gvnkXXdPKcMPSR/4G9WNS
ckn6vqaY2cf2DX8+ZoxhShMs09gMQW/o8Coo9VaWw8rT59HkU4LOeT1kprVSQfxh
mled6moSC36yvXmz12qOePQINjgj0lPDEoALALhrWircLe+gCOGYxKKWwQ8CTFj0
Wqsrxx/UXS7Bz/4IAwZKM1q8Vb3GxHwirhb42ZmlBugNcLwvmpKH0mz+WrqyFMfv
LNZVYcbT4Y83jeiko3YMk6xqx1Wzjha3zujDVpGY2kX5nnVLwH1bAgBeJdXQfusC
8P5bX7B59o656a6QjmYlts6DB+adxKQwpMT0iac10WJBCg+5oWGN++1EpoHAL918
age9i+2FL7V0y4hCCwB1GL2cvZM3UOfd0tDs8Ja+7AeaFKIDk0qeiGjR47EcUkJW
BdWqZE1ODMANX/LtkAOV8oG1YpdnZeQx7KV6/hkQbgVTLf2nR18rUwE53N10NZ8c
bKA3mf1bARI3x0SuRo0r
=DDmg
-----END PGP SIGNATURE-----
--- End Message ---
