Community Packages

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#47742 - [go] go packages need a rebuild with 1.5.3

Attached to Project: Community Packages
Opened by xduugu (xduugu) - Thursday, 14 January 2016, 01:05 GMT
Last edited by Alexander F. Rødseth (xyproto) - Saturday, 23 January 2016, 19:17 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Alexander F. Rødseth (xyproto)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

According to [1] and [2], a rebuild of all go packages (syncthing, docker, ...) might be a good idea.

> A security-related issue has been reported in Go's math/big package. The issue was introduced in Go 1.5.
> We recommend that all users upgrade to Go 1.5.3, which fixes the issue.
> Go programs must be recompiled with Go 1.5.3 in order to receive the fix.

[1] https://groups.google.com/forum/#!topic/golang-announce/MEATuOi_ei4
[2] https://forum.syncthing.net/t/security-update-syncthing-v0-12-13/6548
This task depends upon

Closed by  Alexander F. Rødseth (xyproto)
Saturday, 23 January 2016, 19:17 GMT
Reason for closing:  Fixed
Additional comments about closing:  The Go package has been updated.
Comment by Alexander F. Rødseth (xyproto) - Thursday, 14 January 2016, 09:03 GMT
Thanks for reporting! I will look into this.
Comment by Alexander F. Rødseth (xyproto) - Saturday, 23 January 2016, 19:16 GMT
Go package was updated 2016-01-14. Internal TODO for updating several Go packages has been created.

Loading...