https://golang.org/doc/devel/release.html#go1.11.minor doesn't mention 1.11.5 yet.
On Wed, Jan 23, 2019 at 1:53 PM Julie Qiu <ju...@golang.org> wrote: > Hi gophers, > > We have just released Go 1.11.5 and Go 1.10.8 to address a recently > reported security issue. We recommend that all users update to one of these > releases (if you’re not sure which, choose Go 1.11.5). > > This DoS vulnerability in the crypto/elliptic implementations of the P-521 > and P-384 elliptic curves may let an attacker craft inputs that consume > excessive amounts of CPU. > > These inputs might be delivered via TLS handshakes, X.509 certificates, > JWT tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH > private key is reused more than once, the attack can also lead to key > recovery. > > The issue is CVE-2019-6486 and Go issue golang.org/issue/29903. See the > Go issue for more details. > > Downloads are available at https://golang.org/dl for all supported > platforms. > > Cheers, > > Julie (on behalf of the Go team) > > -- > You received this message because you are subscribed to the Google Groups > "golang-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to golang-dev+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
