On 2019-02-06 22:17:26, Chris Lamb wrote: > It was discovered that there was a denial of service vulnerability > or possibly even the ability to conduct private key recovery > attacks within in the elliptic curve cryptography handling in the > Go programming language libraries.
Hello Chris! Have you given any thought to the impact this could have on the build-dependencies that might be affected by this vulnerability? As you probably know, all golang Debian packages are (as elsewhere) statically compiled and linked so we'd need to rebuild all the rdeps to have this properly fixed in the dependencies... A. -- Si Dieu est, l'homme est esclave ; or l'homme peut, doit être libre, donc Dieu n'existe pas. Et si Dieu existait, il faudrait s'en débarrasser! - Michel Bakounine