Skip to content
This repository has been archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
base: e39e43a349d5
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
compare: 5a3e195bcb32
Choose a head ref
  • 3 commits
  • 3 files changed
  • 2 contributors

Commits on Jan 29, 2019

  1. go: 1.11.4 -> 1.11.5

    https://groups.google.com/forum/#!msg/golang-announce/mVeX35iXuSw/Flp8FX7QEAAJ
    
    We have just released Go 1.11.5 and Go 1.10.8 to address a recently reported security issue. We recommend that all users update to one of these releases (if you’re not sure which, choose Go 1.11.5).
    
    This DoS vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves may let an attacker craft inputs that consume excessive amounts of CPU.
    
    These inputs might be delivered via TLS handshakes, X.509 certificates, JWT tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private key is reused more than once, the attack can also lead to key recovery.
    
    The issue is CVE-2019-6486 and Go issue golang.org/issue/29903. See the Go issue for more details.
    
    (cherry picked from commit d803da8)
    allowthere authored and Mic92 committed Jan 29, 2019
    Copy the full SHA
    ef8659b View commit details
    Browse the repository at this point in the history
  2. Copy the full SHA
    374f74c View commit details
    Browse the repository at this point in the history
  3. go_1_9: mark as insecure (see the parent commit)

    Upstream only supports two latest releases.
    golang/go#29903 (comment)
    
    (cherry picked from commit a687ef9)
    vcunat authored and Mic92 committed Jan 29, 2019
    Copy the full SHA
    5a3e195 View commit details
    Browse the repository at this point in the history