-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : golang-go.crypto Version : 0.0~hg190-1+deb8u1 CVE ID : CVE-2019-11840
A flaw was found in the amd64 implementation of salsa20. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. For Debian 8 "Jessie", this problem has been fixed in version 0.0~hg190-1+deb8u1. obfs4proxy has been rebuilt as version 0.0.3-2+deb8u1. We recommend that you upgrade your golang-golang-x-crypto-dev and obfs4proxy packages, and rebuild any software using golang-golang-x-crypto-dev. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl0ZAC4ACgkQiNJCh6LY mLH2HA/+Ig7oPKv3/25zBz1kdC9shIP2m3p0F8JG1pvD4g2eqRs8SwKIoFvUwoJp mUQWpHIpGepVfLnq1so/0IoN+R9NhmeH0HrDUM6K9iLN/0io5wOmG4N4U0wDVkKD dPFGhA64zDmRxIWxP4Hhbj8Qohe/WbeM4t1l5+mbveFZHRfY7kEgEIPKAXSpVFo6 0uoDjsjWIvNkezx8+MMsLtFQ7MQIvObt8uvdV7U4+1wBC3e57wRtECoXcapNsyDv 2xcALTxLIvxORWXB7XQFV8G+kYa1qyoh/4KfQQnlQ4dZxUMUIe1o2zm4hyNTil8L 33FjtN6UjS7KfOYszLwh+JbKnkGFWRGksHb+PrAT6CpEkacRvaVgayzvBmSJ1UC/ H2hZ2wkapupX+gzTlyxMuE+gzppWYmIc9Pn8MonxWxZRFJGkMKNPho/JBCpTwwzX PwkzYBGOl/wLiomXDNAtYn2ccfcHTqerQhZFr//7K48qvq4vdtMLVah8WWHecasc ETGA0+Q3Blri0fX6hxIXUBNftzSFWZG8JhAS58oJTDJIUOms+VFVvwhCGRJXSq9j Ss/JmE0IN7CHXs9ZzUgN87lz6r22GtvVEUOe7U7xSPZkNU2ytWgJZI6dHFegocgp YGL7T08Mm8IhDqx97B/b7AaV3YHPEkriUP4tu5yGpf8GEoEjFzg= =gixn -----END PGP SIGNATURE-----