9:15 a.m.
I'm planning on landing it in Fedora(all branches) ASAP as they go out. Please prepare
to do rebuild of all your packages that might be affected by the CVEs in golang stdlib.
Jakub
----- Forwarded Message -----
> From: "Andrew Gerrand" <adg(a)golang.org>
> To: "golang-nuts" <golang-nuts(a)googlegroups.com>
> Sent: Friday, April 8, 2016 2:22:02 AM
> Subject: Fwd: feedback requested: [security] Go 1.5.4 and Go 1.6.1
>
> We plan to issue Go 1.5.4 and Go 1.6,1 on Wednesday April 13 at
> approximately 2am UTC.
> These are minor releases to fix two security issues.
>
> Following our policy at https://golang.org/security, this is the
> pre-announcement of those releases.
>
> They will be followed by a more significant 1.6.2 point release that will
> fix a number of issues
>
<https://github.com/golang/go/issues?utf8=%E2%9C%93&q=milestone%3AGo1....;.
>
> Cheers,
> Andrew, on behalf of the Go team
>
> --
> You received this message because you are subscribed to the Google Groups
> "golang-announce" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to golang-announce+unsubscribe(a)googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
8:30 a.m.
New subject: feedback requested: [security] Go 1.5.4 and Go 1.6.1
Golang updates are submitted in bodhi and pushed to the build root-override.
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2940ad5550
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2fcfc7670f
https://bodhi.fedoraproject.org/updates/FEDORA-2016-59c5e405e3
Please test and provide karma :).
Please proceed to rebuild your packages(on all active Fedora branches, i.e.
rawhide,f24,f23,f22).
From upstream CVE summary:
"...Programs using HTTPS client certificates or the Go SSH server libraries are both
exposed to this vulnerability..."
----- Original Message -----
> From: "Jakub Cajka" <jcajka(a)redhat.com>
> To: "Vincent Batts" <vbatts(a)redhat.com>, "Lokesh Mandvekar"
<lsm5(a)redhat.com>, "Jan Chaloupka" <jchaloup(a)redhat.com>,
> maxamillion(a)gmail.com
> Cc: golang(a)lists.fedoraproject.org
> Sent: Friday, April 8, 2016 4:15:46 PM
> Subject: Fwd: feedback requested: [security] Go 1.5.4 and Go 1.6.1
>
>
> I'm planning on landing it in Fedora(all branches) ASAP as they go out.
> Please prepare to do rebuild of all your packages that might be affected by
> the CVEs in golang stdlib.
>
> Jakub
>
> ----- Forwarded Message -----
> > From: "Andrew Gerrand" <adg(a)golang.org>
> > To: "golang-nuts" <golang-nuts(a)googlegroups.com>
> > Sent: Friday, April 8, 2016 2:22:02 AM
> > Subject: Fwd: feedback requested: [security] Go 1.5.4 and Go 1.6.1
> >
> > We plan to issue Go 1.5.4 and Go 1.6,1 on Wednesday April 13 at
> > approximately 2am UTC.
> > These are minor releases to fix two security issues.
> >
> > Following our policy at https://golang.org/security, this is the
> > pre-announcement of those releases.
> >
> > They will be followed by a more significant 1.6.2 point release that will
> > fix a number of issues
> >
<https://github.com/golang/go/issues?utf8=%E2%9C%93&q=milestone%3AGo1....;.
> >
> > Cheers,
> > Andrew, on behalf of the Go team
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "golang-announce" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to golang-announce+unsubscribe(a)googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.
> >
> _______________________________________________
> golang mailing list
> golang(a)lists.fedoraproject.org
> http://lists.fedoraproject.org/admin/lists/golang@lists.fedoraproject.org
>
2994
days inactive
3000
days old
golang@lists.fedoraproject.org
1 comments
1 participants
participants (1)
-
Jakub Cajka