golang-1.8: CVE-2017-8932: Elliptic curves carry propagation issue in x86-64 P-256

Related Vulnerabilities: CVE-2017-8932  

Debian Bug report logs - #863307

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 25 May 2017 09:30:01 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in version golang-1.8/1.8.1-1

Fixed in version golang-1.8/1.8.3-1

Done: Michael Hudson-Doyle <michael.hudson@ubuntu.com>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/golang/go/issues/20040



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Go Compiler Team <pkg-golang-devel@lists.alioth.debian.org>:
Bug#863307; Package src:golang-1.8. (Thu, 25 May 2017 09:30:04 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Go Compiler Team <pkg-golang-devel@lists.alioth.debian.org>. (Thu, 25 May 2017 09:30:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: golang-1.8: CVE-2017-8932: Elliptic curves carry propagation issue in x86-64 P-256
Date: Thu, 25 May 2017 11:26:33 +0200
Source: golang-1.8
Version: 1.8.1-1
Severity: important
Tags: security patch upstream
Forwarded: https://github.com/golang/go/issues/20040
Control: clone -1 -2
Control: reassign -2 src:golang-1.7 1.7.4-2

Hi,

the following vulnerability was published for golang-1.8 (and
golang-1.7 thus cloning and reassigning this bug).

CVE-2017-8932[0]:
Elliptic curves carry propagation issue in x86-64 P-256

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8932
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8932
[1] https://github.com/golang/go/issues/20040

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Bug 863307 cloned as bug 863308. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Thu, 25 May 2017 09:30:04 GMT).


Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Mon, 29 May 2017 17:33:08 GMT).


Reply sent to Michael Hudson-Doyle <michael.hudson@ubuntu.com>:
You have taken responsibility. (Thu, 01 Jun 2017 09:36:08 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 01 Jun 2017 09:36:08 GMT).


Message #14 received at 863307-close@bugs.debian.org:

From: Michael Hudson-Doyle <michael.hudson@ubuntu.com>
To: 863307-close@bugs.debian.org
Subject: Bug#863307: fixed in golang-1.8 1.8.3-1
Date: Thu, 01 Jun 2017 09:33:45 +0000
Source: golang-1.8
Source-Version: 1.8.3-1

We believe that the bug you reported is fixed in the latest version of
golang-1.8, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 863307@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Hudson-Doyle <michael.hudson@ubuntu.com> (supplier of updated golang-1.8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 01 Jun 2017 21:06:00 +1200
Source: golang-1.8
Binary: golang-1.8-go golang-1.8-src golang-1.8-doc golang-1.8
Architecture: source
Version: 1.8.3-1
Distribution: unstable
Urgency: medium
Maintainer: Go Compiler Team <pkg-golang-devel@lists.alioth.debian.org>
Changed-By: Michael Hudson-Doyle <michael.hudson@ubuntu.com>
Description:
 golang-1.8 - Go programming language compiler - metapackage
 golang-1.8-doc - Go programming language - documentation
 golang-1.8-go - Go programming language compiler, linker, compiled stdlib
 golang-1.8-src - Go programming language - source files
Closes: 863292 863307
Changes:
 golang-1.8 (1.8.3-1) unstable; urgency=medium
 .
   * New upstream release. (Closes: 863292, 863307)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 24 Jul 2017 07:24:51 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:07:48 2019; Machine Name: beach
