Golang updates are submitted in bodhi and pushed to the build root-override.
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2940ad5550
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2fcfc7670f
https://bodhi.fedoraproject.org/updates/FEDORA-2016-59c5e405e3
Please test and provide karma :).
Please proceed to rebuild your packages(on all active Fedora branches, i.e.
rawhide,f24,f23,f22).
From upstream CVE summary:
"...Programs using HTTPS client certificates or the Go SSH server libraries are both
exposed to this vulnerability..."
----- Original Message -----
> From: "Jakub Cajka" <jcajka(a)redhat.com>
> To: "Vincent Batts" <vbatts(a)redhat.com>, "Lokesh Mandvekar"
<lsm5(a)redhat.com>, "Jan Chaloupka" <jchaloup(a)redhat.com>,
> maxamillion(a)gmail.com
> Cc: golang(a)lists.fedoraproject.org
> Sent: Friday, April 8, 2016 4:15:46 PM
> Subject: Fwd: feedback requested: [security] Go 1.5.4 and Go 1.6.1
>
>
> I'm planning on landing it in Fedora(all branches) ASAP as they go out.
> Please prepare to do rebuild of all your packages that might be affected by
> the CVEs in golang stdlib.
>
> Jakub
>
> ----- Forwarded Message -----
> > From: "Andrew Gerrand" <adg(a)golang.org>
> > To: "golang-nuts" <golang-nuts(a)googlegroups.com>
> > Sent: Friday, April 8, 2016 2:22:02 AM
> > Subject: Fwd: feedback requested: [security] Go 1.5.4 and Go 1.6.1
> >
> > We plan to issue Go 1.5.4 and Go 1.6,1 on Wednesday April 13 at
> > approximately 2am UTC.
> > These are minor releases to fix two security issues.
> >
> > Following our policy at
https://golang.org/security, this is the
> > pre-announcement of those releases.
> >
> > They will be followed by a more significant 1.6.2 point release that will
> > fix a number of issues
> >
<
https://github.com/golang/go/issues?utf8=%E2%9C%93&q=milestone%3AGo1....;.
> >
> > Cheers,
> > Andrew, on behalf of the Go team
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "golang-announce" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to golang-announce+unsubscribe(a)googlegroups.com.
> > For more options, visit
https://groups.google.com/d/optout.
> >
> _______________________________________________
> golang mailing list
> golang(a)lists.fedoraproject.org
>
http://lists.fedoraproject.org/admin/lists/golang@lists.fedoraproject.org
>