[Buildroot] [PATCH] package/go: security bump to version 1.13.7

Peter Korsgaard peter at korsgaard.com
Sat Mar 7 13:58:59 UTC 2020

>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issue:
 > - Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte

 > On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1
 > parsing functions of golang.org/x/crypto/cryptobyte can lead to a panic.
 > The malformed certificate can be delivered via a crypto/tls connection to a
 > client, or to a server that accepts client certificates.  net/http clients
 > can be made to crash by an HTTPS server, while net/http servers that accept
 > client certificates will recover the panic and are unaffected.  Thanks to
 > Project Wycheproof for providing the test cases that led to the discovery of
 > this issue.  The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2019.11.x, thanks.

Bye, Peter Korsgaard

More information about the buildroot mailing list