CVSROOT: /cvs
Module name: ports
Changes by: juan...@cvs.openbsd.org 2016/04/14 11:45:33
Modified files:
lang/go : Tag: OPENBSD_5_9 Makefile distinfo
lang/go/pkg : Tag: OPENBSD_5_9 PLIST
Log message:
Update to go 1.5.4. OK jasper@ jsing@ (MAINTAINER).
https://groups.google.com/forum/#!topic/golang-announce/9eqIHqaWvck
"Go's crypto libraries passed certain parameters unchecked to the
underlying big integer library, possibly leading to extremely
long-running computations, which in turn makes Go programs vulnerable to
remote denial of service attacks. Programs using HTTPS client
certificates or the Go SSH server libraries are both exposed to this
vulnerability.
This is CVE-2016-3959 and was addressed by this change:
https://golang.org/cl/21533
Thanks to David Wong for identifying this issue."
