Your message dated Sat, 19 Oct 2019 12:20:23 +0000
with message-id <[email protected]>
and subject line Bug#942629: fixed in golang-1.12 1.12.12-1
has caused the Debian Bug report #942629,
regarding golang-1.12: CVE-2019-17596: invalid public key causes panic in dsa.Verify
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
942629: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942629
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: golang-1.13
Version: 1.13.1-1
Severity: grave
Tags: security upstream
Control: clone -1 -2
Control: reassign -2 src:golang-1.12 1.12.10-1
Control: retitle -2 golang-1.13: CVE-2019-17596: invalid public key causes panic in dsa.Verify
Control: forwarded -1 https://github.com/golang/go/issues/34962
Control: forwarded -2 https://github.com/golang/go/issues/34961

Hi,

The following vulnerability was published for golang-1.13.

CVE-2019-17596[0]:
crypto/dsa: invalid public key causes panic in dsa.Verify

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-17596
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17596
[1] https://github.com/golang/go/issues/34962
[2] https://github.com/golang/go/issues/34961
[3] https://github.com/golang/go/issues/34960

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: golang-1.12
Source-Version: 1.12.12-1

We believe that the bug you reported is fixed in the latest version of
golang-1.12, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dr. Tobias Quathamer <[email protected]> (supplier of updated golang-1.12 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 19 Oct 2019 13:51:14 +0200
Source: golang-1.12
Architecture: source
Version: 1.12.12-1
Distribution: unstable
Urgency: medium
Maintainer: Go Compiler Team <[email protected]>
Changed-By: Dr. Tobias Quathamer <[email protected]>
Closes: 942629
Changes:
 golang-1.12 (1.12.12-1) unstable; urgency=medium
 .
   * New upstream version 1.12.12
     - Remove patch 0003-arm64-arm64asm-recognise-ssbb-pssbb-mnemonics.patch,
       has been applied upstream.
     - crypto/dsa: invalid public key causes panic in dsa.Verify.
       Fixes CVE-2019-17596. Closes: #942629
   * Update Standards-Version to 4.4.1, no changes needed

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---