drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Prüfung von Zertifikaten in golang
Name: |
Mangelnde Prüfung von Zertifikaten in golang |
|
ID: |
FEDORA-2014-11971 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 19 |
|
Datum: |
Sa, 11. Oktober 2014, 12:49 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7189 |
|
Applikationen: |
Go |
|
Originalnachricht |
Name : golang Product : Fedora 19 Version : 1.3.3 Release : 1.fc19 URL : http://golang.org/ Summary : The Go Programming Language Description : The Go Programming Language.
------------------------------------------------------------------------------- - Update Information:
update to go1.3.3 (bz1146882) update to go1.3.2 (bz1147324) more work to get cgo.a timestamps to line up, due to build-env ------------------------------------------------------------------------------- - ChangeLog:
* Wed Oct 1 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.3.3-1 - update to go1.3.3 (bz1146882) * Mon Sep 29 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.3.2-1 - update to go1.3.2 (bz1147324) * Wed Aug 13 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-22 - more work to get cgo.a timestamps to line up, due to build-env * Wed Aug 13 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-21 - touch cgo.a regardless * Wed Aug 13 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-20 - rpm dependency ordering for %post * Tue Aug 12 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-19 - finally check for a Stale cgo in a %post * Tue Aug 12 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-18 - explicitly list all the files and directories for the packages trees * Tue Aug 12 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-17 - explicitly list all the files and directories of the src tree, to preserve timestamps * Mon Aug 11 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-16 - touch all the built archives to be the same * Mon Aug 11 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-15 - make golang-src 'noarch' again, since that was not a fix, and takes up more space * Mon Aug 11 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-14 - update timestamps of source files during %install bz1099206 * Fri Aug 8 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-13 - update timestamps of source during %install bz1099206 * Fri Aug 8 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-12 - set another version constraint on xemacs due to bz1127518 * Wed Aug 6 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-11 - set a version constraint on xemacs due to bz1127518 * Wed Aug 6 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-10 - make the source subpackage arch'ed, instead of noarch * Tue Jul 15 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-9 - fix the loading of gdb safe-path. bz981356 * Tue Jul 8 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.2.2-8 - `go install std` requires gcc, to build cgo. bz1105901, bz1101508 * Wed May 21 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-7 - bz1099206 ghost files are not what is needed * Tue May 20 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-6 - bz1099206 more fixing. The packages %post need golang-bin present first * Tue May 20 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-5 - bz1099206 more fixing. Let go fix its own timestamps and freshness * Tue May 20 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-4 - fix the existence and alternatives of `go` and `gofmt` * Mon May 19 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-3 - bz1099206 fix timestamp issue caused by koji builders * Fri May 9 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-2 - more arch file shuffling * Fri May 9 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-1 - update to go1.2.2 * Thu May 8 2014 Vincent Batts <vbatts@redhat.com> 1.2.1-8 - RHEL6 rpm macros can't %exlude missing files * Wed May 7 2014 Vincent Batts <vbatts@redhat.com> 1.2.1-7 - missed two arch-dependent src files * Wed May 7 2014 Vincent Batts <vbatts@redhat.com> 1.2.1-6 - put generated arch-dependent src in their respective RPMs * Fri Apr 11 2014 Vincent Batts <vbatts@redhat.com> 1.2.1-5 - skip test that is causing a SIGABRT on fc21 bz1086900 * Thu Apr 10 2014 Vincent Batts <vbatts@fedoraproject.org> 1.2.1-4 - fixing file and directory ownership bz1010713 * Wed Apr 9 2014 Vincent Batts <vbatts@fedoraproject.org> 1.2.1-3 - including more to macros (%go_arches) - set a standard goroot as /usr/lib/golang, regardless of arch - include sub-packages for compiler toolchains, for all golang supported architectures * Wed Mar 26 2014 Vincent Batts <vbatts@fedoraproject.org> 1.2.1-2 - provide a system rpm macros. Starting with /usr/share/gocode * Tue Mar 4 2014 Adam Miller <maxamillion@fedoraproject.org> 1.2.1-1 - Update to latest upstream * Thu Feb 20 2014 Adam Miller <maxamillion@fedoraproject.org> 1.2-7 - Remove _BSD_SOURCE and _SVID_SOURCE, they are deprecated in recent versions of glibc and aren't needed * Wed Feb 19 2014 Adam Miller <maxamillion@fedoraproject.org> 1.2-6 - pull in upstream archive/tar implementation that supports xattr for docker 0.8.1 * Tue Feb 18 2014 Vincent Batts <vbatts@redhat.com> 1.2-5 - provide 'go', so users can yum install 'go' * Fri Jan 24 2014 Vincent Batts <vbatts@redhat.com> 1.2-4 - skip a flaky test that is sporadically failing on the build server * Thu Jan 16 2014 Vincent Batts <vbatts@redhat.com> 1.2-3 - remove golang-godoc dependency. cyclic dependency on compiling godoc * Wed Dec 18 2013 Vincent Batts <vbatts@redhat.com> - 1.2-2 - removing P224 ECC curve * Mon Dec 2 2013 Vincent Batts <vbatts@fedoraproject.org> - 1.2-1 - Update to upstream 1.2 release - remove the pax tar patches * Tue Nov 26 2013 Vincent Batts <vbatts@redhat.com> - 1.1.2-8 - fix the rpmspec conditional for rhel and fedora * Thu Nov 21 2013 Vincent Batts <vbatts@redhat.com> - 1.1.2-7 - patch tests for testing on rawhide - let the same spec work for rhel and fedora * Wed Nov 20 2013 Vincent Batts <vbatts@redhat.com> - 1.1.2-6 - don't symlink /usr/bin out to ../lib..., move the file - seperate out godoc, to accomodate the go.tools godoc * Fri Sep 20 2013 Adam Miller <maxamillion@fedoraproject.org> - 1.1.2-5 - Pull upstream patches for BZ#1010271 - Add glibc requirement that got dropped because of meta dep fix * Fri Aug 30 2013 Adam Miller <maxamillion@fedoraproject.org> - 1.1.2-4 - fix the libc meta dependency (thanks to vbatts [at] redhat.com for the fix) * Tue Aug 27 2013 Adam Miller <maxamillion@fedoraproject.org> - 1.1.2-3 - Revert incorrect merged changelog * Tue Aug 27 2013 Adam Miller <maxamillion@fedoraproject.org> - 1.1.2-2 - Update spec to fix changelog entries from bad merge * Tue Aug 20 2013 Adam Miller <maxamillion@fedoraproject.org> - 1.1.2-1 - Update to latest upstream * Wed Jul 10 2013 Adam Goode <adam@spicenitz.org> - 1.1.1-5 - Blacklist testdata files from prelink - Again try to fix #973842 * Fri Jul 5 2013 Adam Goode <adam@spicenitz.org> - 1.1.1-4 - Move src to libdir for now (#973842) (upstream issue https://code.google.com/p/go/issues/detail?id=5830) - Eliminate noarch data package to work around RPM bug (#975909) - Try to add runtime-gdb.py to the gdb safe-path (#981356) * Wed Jun 19 2013 Adam Goode <adam@spicenitz.org> - 1.1.1-3 - Use lua for pretrans (http://fedoraproject.org/wiki/Packaging:Guidelines#The_.25pretrans_scriptlet) * Mon Jun 17 2013 Adam Goode <adam@spicenitz.org> - 1.1.1-2 - Hopefully really fix #973842 - Fix update from pre-1.1.1 (#974840) * Thu Jun 13 2013 Adam Goode <adam@spicenitz.org> - 1.1.1-1 - Update to 1.1.1 - Fix basically useless package (#973842) * Sat May 25 2013 Dan Horák <dan[at]danny.cz> - 1.1-3 - set ExclusiveArch ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1147324 - CVE-2014-7189 golang: TLS client authentication issue fixed in version 1.3.2 https://bugzilla.redhat.com/show_bug.cgi?id=1147324 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update golang' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|