[Buildroot] [PATCH] package/go: security bump to version 1.13.7
peter at korsgaard.com
Sat Mar 7 13:58:59 UTC 2020
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issue:
> - Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte
> On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1
> parsing functions of golang.org/x/crypto/cryptobyte can lead to a panic.
> The malformed certificate can be delivered via a crypto/tls connection to a
> client, or to a server that accepts client certificates. net/http clients
> can be made to crash by an HTTPS server, while net/http servers that accept
> client certificates will recover the panic and are unaffected. Thanks to
> Project Wycheproof for providing the test cases that led to the discovery of
> this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2019.11.x, thanks.
Bye, Peter Korsgaard
More information about the buildroot