drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Prüfung von Zertifikaten in golang
| Name: |
Mangelnde Prüfung von Zertifikaten in golang |
|
| ID: |
FEDORA-2014-11971 |
|
| Distribution: |
Fedora |
|
| Plattformen: |
Fedora 19 |
|
| Datum: |
Sa, 11. Oktober 2014, 12:49 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7189 |
|
| Applikationen: |
Go |
|
Originalnachricht |
Name : golang
Product : Fedora 19
Version : 1.3.3
Release : 1.fc19
URL : http://golang.org/
Summary : The Go Programming Language
Description :
The Go Programming Language.
-------------------------------------------------------------------------------
-
Update Information:
update to go1.3.3 (bz1146882)
update to go1.3.2 (bz1147324)
more work to get cgo.a timestamps to line up, due to build-env
-------------------------------------------------------------------------------
-
ChangeLog:
* Wed Oct 1 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.3.3-1
- update to go1.3.3 (bz1146882)
* Mon Sep 29 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.3.2-1
- update to go1.3.2 (bz1147324)
* Wed Aug 13 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-22
- more work to get cgo.a timestamps to line up, due to build-env
* Wed Aug 13 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-21
- touch cgo.a regardless
* Wed Aug 13 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-20
- rpm dependency ordering for %post
* Tue Aug 12 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-19
- finally check for a Stale cgo in a %post
* Tue Aug 12 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-18
- explicitly list all the files and directories for the packages trees
* Tue Aug 12 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-17
- explicitly list all the files and directories of the src tree, to preserve
timestamps
* Mon Aug 11 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-16
- touch all the built archives to be the same
* Mon Aug 11 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-15
- make golang-src 'noarch' again, since that was not a fix, and takes
up more space
* Mon Aug 11 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-14
- update timestamps of source files during %install bz1099206
* Fri Aug 8 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-13
- update timestamps of source during %install bz1099206
* Fri Aug 8 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-12
- set another version constraint on xemacs due to bz1127518
* Wed Aug 6 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-11
- set a version constraint on xemacs due to bz1127518
* Wed Aug 6 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-10
- make the source subpackage arch'ed, instead of noarch
* Tue Jul 15 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-9
- fix the loading of gdb safe-path. bz981356
* Tue Jul 8 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-8
- `go install std` requires gcc, to build cgo. bz1105901, bz1101508
* Wed May 21 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-7
- bz1099206 ghost files are not what is needed
* Tue May 20 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-6
- bz1099206 more fixing. The packages %post need golang-bin present first
* Tue May 20 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-5
- bz1099206 more fixing. Let go fix its own timestamps and freshness
* Tue May 20 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-4
- fix the existence and alternatives of `go` and `gofmt`
* Mon May 19 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-3
- bz1099206 fix timestamp issue caused by koji builders
* Fri May 9 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-2
- more arch file shuffling
* Fri May 9 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-1
- update to go1.2.2
* Thu May 8 2014 Vincent Batts <vbatts@redhat.com> 1.2.1-8
- RHEL6 rpm macros can't %exlude missing files
* Wed May 7 2014 Vincent Batts <vbatts@redhat.com> 1.2.1-7
- missed two arch-dependent src files
* Wed May 7 2014 Vincent Batts <vbatts@redhat.com> 1.2.1-6
- put generated arch-dependent src in their respective RPMs
* Fri Apr 11 2014 Vincent Batts <vbatts@redhat.com> 1.2.1-5
- skip test that is causing a SIGABRT on fc21 bz1086900
* Thu Apr 10 2014 Vincent Batts <vbatts@fedoraproject.org> 1.2.1-4
- fixing file and directory ownership bz1010713
* Wed Apr 9 2014 Vincent Batts <vbatts@fedoraproject.org> 1.2.1-3
- including more to macros (%go_arches)
- set a standard goroot as /usr/lib/golang, regardless of arch
- include sub-packages for compiler toolchains, for all golang supported
architectures
* Wed Mar 26 2014 Vincent Batts <vbatts@fedoraproject.org> 1.2.1-2
- provide a system rpm macros. Starting with /usr/share/gocode
* Tue Mar 4 2014 Adam Miller <maxamillion@fedoraproject.org> 1.2.1-1
- Update to latest upstream
* Thu Feb 20 2014 Adam Miller <maxamillion@fedoraproject.org> 1.2-7
- Remove _BSD_SOURCE and _SVID_SOURCE, they are deprecated in recent
versions of glibc and aren't needed
* Wed Feb 19 2014 Adam Miller <maxamillion@fedoraproject.org> 1.2-6
- pull in upstream archive/tar implementation that supports xattr for
docker 0.8.1
* Tue Feb 18 2014 Vincent Batts <vbatts@redhat.com> 1.2-5
- provide 'go', so users can yum install 'go'
* Fri Jan 24 2014 Vincent Batts <vbatts@redhat.com> 1.2-4
- skip a flaky test that is sporadically failing on the build server
* Thu Jan 16 2014 Vincent Batts <vbatts@redhat.com> 1.2-3
- remove golang-godoc dependency. cyclic dependency on compiling godoc
* Wed Dec 18 2013 Vincent Batts <vbatts@redhat.com> - 1.2-2
- removing P224 ECC curve
* Mon Dec 2 2013 Vincent Batts <vbatts@fedoraproject.org> - 1.2-1
- Update to upstream 1.2 release
- remove the pax tar patches
* Tue Nov 26 2013 Vincent Batts <vbatts@redhat.com> - 1.1.2-8
- fix the rpmspec conditional for rhel and fedora
* Thu Nov 21 2013 Vincent Batts <vbatts@redhat.com> - 1.1.2-7
- patch tests for testing on rawhide
- let the same spec work for rhel and fedora
* Wed Nov 20 2013 Vincent Batts <vbatts@redhat.com> - 1.1.2-6
- don't symlink /usr/bin out to ../lib..., move the file
- seperate out godoc, to accomodate the go.tools godoc
* Fri Sep 20 2013 Adam Miller <maxamillion@fedoraproject.org> - 1.1.2-5
- Pull upstream patches for BZ#1010271
- Add glibc requirement that got dropped because of meta dep fix
* Fri Aug 30 2013 Adam Miller <maxamillion@fedoraproject.org> - 1.1.2-4
- fix the libc meta dependency (thanks to vbatts [at] redhat.com for the fix)
* Tue Aug 27 2013 Adam Miller <maxamillion@fedoraproject.org> - 1.1.2-3
- Revert incorrect merged changelog
* Tue Aug 27 2013 Adam Miller <maxamillion@fedoraproject.org> - 1.1.2-2
- Update spec to fix changelog entries from bad merge
* Tue Aug 20 2013 Adam Miller <maxamillion@fedoraproject.org> - 1.1.2-1
- Update to latest upstream
* Wed Jul 10 2013 Adam Goode <adam@spicenitz.org> - 1.1.1-5
- Blacklist testdata files from prelink
- Again try to fix #973842
* Fri Jul 5 2013 Adam Goode <adam@spicenitz.org> - 1.1.1-4
- Move src to libdir for now (#973842) (upstream issue https://code.google.com/p/go/issues/detail?id=5830)
- Eliminate noarch data package to work around RPM bug (#975909)
- Try to add runtime-gdb.py to the gdb safe-path (#981356)
* Wed Jun 19 2013 Adam Goode <adam@spicenitz.org> - 1.1.1-3
- Use lua for pretrans (http://fedoraproject.org/wiki/Packaging:Guidelines#The_.25pretrans_scriptlet)
* Mon Jun 17 2013 Adam Goode <adam@spicenitz.org> - 1.1.1-2
- Hopefully really fix #973842
- Fix update from pre-1.1.1 (#974840)
* Thu Jun 13 2013 Adam Goode <adam@spicenitz.org> - 1.1.1-1
- Update to 1.1.1
- Fix basically useless package (#973842)
* Sat May 25 2013 Dan Horák <dan[at]danny.cz> - 1.1-3
- set ExclusiveArch
-------------------------------------------------------------------------------
-
References:
[ 1 ] Bug #1147324 - CVE-2014-7189 golang: TLS client authentication issue
fixed in version 1.3.2
https://bugzilla.redhat.com/show_bug.cgi?id=1147324
-------------------------------------------------------------------------------
-
This update can be installed with the "yum" update program. Use
su -c 'yum update golang' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|
