Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#70058 - [golang-golang-x-crypto] [Security] denial of service (CVE-2020-29652)
Attached to Project:
Community Packages
Opened by Jonas Witschel (diabonas) - Thursday, 18 March 2021, 11:33 GMT
Last edited by Toolybird (Toolybird) - Saturday, 20 May 2023, 20:48 GMT
Details

Summary
=======
The package golang-golang-x-crypto is vulnerable to denial of service via CVE-2020-29652.

Guidance
========
The project has no stable releases. Upgrading to commit 8b5274cf687fd9316b4108863654cc57385531e8 or later (at the time of creating this issue, the current master is commit 513c2a44f67042677f472fb65720351c7332c3b8) fixes the issue.

References
==========
https://security.archlinux.org/AVG-1511
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE
https://go-review.googlesource.com/c/crypto/+/278852
https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8%5E!

Another remote denial of service security issue (CVE-2021-43565) has been found in the package; upgrading to commit 5770296d904e90f15f38f77dfc2e43fdf5efc083 or newer fixes it.

Both issues appear to have been fixed. Can we close?