Back to golang-go.crypto PTS page

Accepted golang-go.crypto 1:0.0~git20181203.505ab14-1+deb10u1 (source) into oldoldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted golang-go.crypto 1:0.0~git20181203.505ab14-1+deb10u1 (source) into oldoldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Tue, 13 Jun 2023 07:50:20 +0000
Debian: DAK
Debian-architecture: source
Debian-archive-action: accept
Debian-changes: golang-go.crypto_0.0~git20181203.505ab14-1+deb10u1_source.changes
Debian-source: golang-go.crypto
Debian-suite: oldoldstable
Debian-version: 1:0.0~git20181203.505ab14-1+deb10u1
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=p6Lp0SkyKS+71MChdUQt+aK+mSch013jG9iO+spXh3k=; b=u7JsmanFy9/IlG/x45wf04nxOs XKpGZHCmGkKg6Qqw0cTYloabfCuZdzP9W67/UNuSQ7uBY/MCI6IBhsP2FX/d9ILjXLTzY+1mRxCht mjjzbNWrT7s1yW8B8x+eV63vCfq08QbM8JuVmkcf7jEJMpGA13dLFKUcuvhXxpg4ndXYZ3yY2ES3P 2Q4mDGkICxPjnthnvihaGlMCkgNCr98edQgq4DAZ7W4EIBhityE82Ihxz5sFTWNjCOi0vjlwS7DIZ sa3Vzl6k5m82KNMCDmGGL3+2rfFCwsEaW0g65uyIByf6zCU9rBqVL4i39b8tiLzc1d4Gk2h24G8AJ UZSSJXig==;
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1q8ynE-008hQj-EC@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 13 Jun 2023 09:32:18 CEST
Source: golang-go.crypto
Architecture: source
Version: 1:0.0~git20181203.505ab14-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 458c0524f70ac837141f61a11ec1cd8d510eaf31 2544 golang-go.crypto_0.0~git20181203.505ab14-1+deb10u1.dsc
 c5dc0db612ce40637e991f2adeb8c44489bf568e 1433388 golang-go.crypto_0.0~git20181203.505ab14.orig.tar.xz
 3ce81fe08cd0f5a65c5690f20427010239d4074d 11580 golang-go.crypto_0.0~git20181203.505ab14-1+deb10u1.debian.tar.xz
 5b6336b48382220aa8cef82b3095a12252db87cf 6437 golang-go.crypto_0.0~git20181203.505ab14-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
 d21836c268830cb0cea6a439f5887910b7bb0ab0f13d58adf99ee47867c4e153 2544 golang-go.crypto_0.0~git20181203.505ab14-1+deb10u1.dsc
 3a0ac2725ad17fd25b269519ef6665d2a5ae566d00efdaa57cef96ea1979e254 1433388 golang-go.crypto_0.0~git20181203.505ab14.orig.tar.xz
 948c4573710691a76f84c744c19a9fe37b643b32b3fa0f78d7c28f46a749ac20 11580 golang-go.crypto_0.0~git20181203.505ab14-1+deb10u1.debian.tar.xz
 f2eb9478094889c0834d057d84cbef42f13e19c2fab71d94172c2345d4ee5b6b 6437 golang-go.crypto_0.0~git20181203.505ab14-1+deb10u1_amd64.buildinfo
Changes:
 golang-go.crypto (1:0.0~git20181203.505ab14-1+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2019-11840:
     An issue was discovered in supplementary Go cryptography libraries, aka
     golang-googlecode-go-crypto. If more than 256 GiB of keystream is
     generated, or if the counter otherwise grows greater than 32 bits, the
     amd64 implementation will first generate incorrect output, and then cycle
     back to previously generated keystream. Repeated keystream bytes can lead
     to loss of confidentiality in encryption applications, or to predictability
     in CSPRNG applications.
   * Fix CVE-2019-11841:
     A message-forgery issue was discovered in
     crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography
     libraries. The "Hash" Armor Header specifies the message digest
     algorithm(s) used for the signature. Since the library skips Armor Header
     parsing in general, an attacker can not only embed arbitrary Armor Headers,
     but also prepend arbitrary text to cleartext messages without invalidating
     the signatures.
   * Fix CVE-2020-9283:
     golang.org/x/crypto allows a panic during signature verification in the
     golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts
     public keys. Also, a server can attack any SSH client.
Files:
 4d3c438da45e75b73168821e4719a096 2544 devel optional golang-go.crypto_0.0~git20181203.505ab14-1+deb10u1.dsc
 b01319c83dab7577167c57644bd15617 1433388 devel optional golang-go.crypto_0.0~git20181203.505ab14.orig.tar.xz
 b9e4ad2b670c85f3fb1e7804f928b49b 11580 devel optional golang-go.crypto_0.0~git20181203.505ab14-1+deb10u1.debian.tar.xz
 d0ada1c9f647b314bb993716babef086 6437 devel optional golang-go.crypto_0.0~git20181203.505ab14-1+deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmSIG/RfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hkz0UQAMt6jUmngJGylnH1bzzLy5OQ7aPyLH08tSWy
guUDhS3QnVh7c7hT6Ciac2F+yN9sbUXhAH4dMpsH/NFTvvvtraeKfZp+dp2Z/WMP
sMpW/0EMcutExnI/IKFriijPn07TuSJZ/apseg+tnOO2YaADtkmv09P7hvsbjmzc
epGEd1odWNKQNatqU9FD3IZRDDnWSDhvWL59G3suBxJpiJR/1MqSd5cqGbVlHv2e
HW5ZsSRsHztaLd/qL1px4bgPszu3CqRD4CaLlrQo0GunO7NFtFfKQg7DEU89Ooty
oKvwlG6TdW1ZaAQjrWzD1+NbjVG0hcLG7Hoi1lQTisILhMBr2tfp8VXkY0iWU4U+
dQQUyuvbZoBhAzrxp8f6zMahYhSf379kHzetKehMJngRzhZa3fjw9SGzRFQG8WF/
FeuP5qOtn5C66LB3o/cNQF8TF9QZub5sgNwfCxADxEp+5Nv+oMap3nSuDhMsULgo
VdX1brIKiSnYGLBCD0051aabyXlgIEje3m6ep3t0O06qx5cvs3WjQf+fSGXIjpMK
D+IOM0z7P+IL5EYl7BfvboPXwaVz754QwkSbguFP7npY00l20gv1BYH1Ige5GRNP
10m4L3/xfuYddasP4PpFNdcYa/UI8l3cH4zp2fR9GwdQ5wva/mm8RhbYT7y9x2W4
rIi5Ujif
=GbLw
-----END PGP SIGNATURE-----