-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : golang-go.crypto Version : 0.0~hg190-1+deb8u2 CVE ID : CVE-2019-11841
This package ignored the value of the Hash header, which allows an attacker to spoof it. An attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidating the signatures. For Debian 8 "Jessie", this problem has been fixed in version 0.0~hg190-1+deb8u2. We recommend that you upgrade your golang-go.crypto packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEKpwfR8DOwu5vyB4TKpJZkldkSvoFAl17MLcACgkQKpJZkldk Svq2QQ/9HV2ZvQawcPk3yoCeJjMnVA4uOlVXKreI84godR7TEPHu/lFMzXxmv7r6 IFNADChJ5SrGIy9/qZOMqg7x4po1/2rJGnzY5L6Sh4BSsu8LzoLC5MO3XTo5NUG5 Lrr0cGdjYCwHkRRq0tSHzJFOME51YHFsosl+2TXKe1BOoJ/YkBv763hgmIrSO5Zl wCH3aoujtshRBaUZEdCltnw+l2E2ykJJB48in9gtHOMh7r7388Jm9b5xMF9dorjc pyIs8o1iIbs28igsZXVC8I+kKmr5vJ5iTZ79h8DDUYhLlUCTkuLxC3cb3tRZcxi0 Dy9wfpNK5WCK5dWCWG2QE6BVJGp81+1xiqMqxcbYjhsWPHAZtR2H7hNfvoptq4F7 Pdk3jB4cHUA/sKcAgUTfuXA3rwk0cfnCGpx5Yg8LdlL/wupSsya2Hvo7OgAPJY+a JKwIxYuwsRiBzKLk1J5ATS3FdFGlgxhD658wKTiAYwZ1za77Re0CddQe4wuR68Tx QuVXB/8VE7WUM34P7T2jVTMRFpZ8+5ZYrQQmADPLljwUoptxNjM8hYppkYYSssJF jDHV/34Gs3jvQUiSft46lQK5h5oPxZXgVXwIsaKyMQ9gMXEg95J5AIyipma2MgFm eqXptJYnP2Y6Zzpbb6Q3XGSssdblgiAD80z19Y4N9h8LcQ3A6Cw= =AhI4 -----END PGP SIGNATURE-----
