Your message dated Sat, 19 Oct 2019 12:04:43 +0000 with message-id <e1ilntp-000cas...@fasolo.debian.org> and subject line Bug#942628: fixed in golang-1.13 1.13.3-1 has caused the Debian Bug report #942628, regarding golang-1.13: CVE-2019-17596: invalid public key causes panic in dsa.Verify to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 942628: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942628 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: golang-1.13 Version: 1.13.1-1 Severity: grave Tags: security upstream Control: clone -1 -2 Control: reassign -2 src:golang-1.12 1.12.10-1 Control: retitle -2 golang-1.13: CVE-2019-17596: invalid public key causes panic in dsa.Verify Control: forwarded -1 https://github.com/golang/go/issues/34962 Control: forwarded -2 https://github.com/golang/go/issues/34961 Hi, The following vulnerability was published for golang-1.13. CVE-2019-17596[0]: crypto/dsa: invalid public key causes panic in dsa.Verify If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-17596 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17596 [1] https://github.com/golang/go/issues/34962 [2] https://github.com/golang/go/issues/34961 [3] https://github.com/golang/go/issues/34960 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: golang-1.13 Source-Version: 1.13.3-1 We believe that the bug you reported is fixed in the latest version of golang-1.13, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 942...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Dr. Tobias Quathamer <to...@debian.org> (supplier of updated golang-1.13 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 19 Oct 2019 13:30:36 +0200 Source: golang-1.13 Architecture: source Version: 1.13.3-1 Distribution: unstable Urgency: medium Maintainer: Go Compiler Team <team+go-compi...@tracker.debian.org> Changed-By: Dr. Tobias Quathamer <to...@debian.org> Closes: 942628 Changes: golang-1.13 (1.13.3-1) unstable; urgency=medium . * New upstream version 1.13.3 - Refresh patch - crypto/dsa: invalid public key causes panic in dsa.Verify. Fixes CVE-2019-17596. Closes: #942628 * Update Standards-Version to 4.4.1, no changes needed Checksums-Sha1: ffd4f399be0b601b6d19f367423bb334408d00de 2848 golang-1.13_1.13.3-1.dsc 1fdfd1586888d4d24f5dadee6016092f89e6049e 21618379 golang-1.13_1.13.3.orig.tar.gz 71354e37d6380fca61ee10a0922661fe8fe5c7b7 819 golang-1.13_1.13.3.orig.tar.gz.asc 9282a793d3a750967c8825978dcd3c01ea7ccc59 34168 golang-1.13_1.13.3-1.debian.tar.xz 27ddba6e9c0e2edd4c5e2f76061aabd589de9a18 6542 golang-1.13_1.13.3-1_amd64.buildinfo Checksums-Sha256: 1af77d2830097e986e50d8952a3d6c6bad60b1adec27d237d91c305d8b8e7d66 2848 golang-1.13_1.13.3-1.dsc 4f7123044375d5c404280737fbd2d0b17064b66182a65919ffe20ffe8620e3df 21618379 golang-1.13_1.13.3.orig.tar.gz 2a7c3786a48ec76790f780d35def629e8b773362ea1b85f4ebebd8538c55df91 819 golang-1.13_1.13.3.orig.tar.gz.asc 7c7cf2ffce8028eb1669748d60e5918b039940b0b093b29f9a297f854780a38c 34168 golang-1.13_1.13.3-1.debian.tar.xz f2370a67c474fb3e5445ba84194bbfd98096c9d8bc9a157e2094169256354bd2 6542 golang-1.13_1.13.3-1_amd64.buildinfo Files: c322cf6fbc7352036701e050aef23bf8 2848 devel optional golang-1.13_1.13.3-1.dsc 94ae8bf6a4fe623e34cb8b0db2a71ec0 21618379 devel optional golang-1.13_1.13.3.orig.tar.gz 35a89bc604faed9bc3a2caba6d897b53 819 devel optional golang-1.13_1.13.3.orig.tar.gz.asc 655497421e2ee72c9279614ea78b3b60 34168 devel optional golang-1.13_1.13.3-1.debian.tar.xz 80911b1ba1224f109e26695d17fa14d2 6542 devel optional golang-1.13_1.13.3-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE0cuPObxd7STF0seMEwLx8Dbr6xkFAl2q9uoACgkQEwLx8Dbr 6xmU6A/+O6L7UcbJqKjCDQ8EQRjGvKZIQlTDuqf0WWgp6JrYfKIgZB50MzNloVfH 2g08XH9N6uzJWdZs2DoR0P4XN9pG5jMJm8fgC5LMFrwQ7SmNV85OU4gu44Lh9yJm +neon+D9GtD4MNy1VtKD+yVKZ+fmfeN5aF4wSTHaBxwGO78v05so+7EV7lJSorpi QW2oNSCj6kTmZogOWuQgoCnDQCunTHVVKE8DE7Pxfvo4YKXLdcQtrewtx31AxiD/ 1lMwxscEXVMHih7dgWTL3hXriT33P8w/naDVh74NVqX53ePIaybyP7vtFAzUc2Ap wJq8uKKD64eftpCt/RS1qjr2v0ZacEszJea42/RbGm2lEEYBMr7QzgpTIm5hxpEg 2g+8F9xZ7G1tPeRNRIIigURfFC4WnSTG/uoXfq7zdRQDSgoQz7cHcmp/FErxVkkB dDO5GZu2Glainjmo963jJDp6I5RglXLtKtOknOKX/V7UMjJhE7p+mNN3wDq3ALtk UxiFMLXrWde3fdYJW1eTSbSB8vqeEL3CettDF2VosNYs2gH01CSHgUK+HZ4n6Ppf VYcVP7N00WJ59Iv8ygUOzbNHgOXlXp0ZpUPyjkm9XjjC28Wccwu5TAspi1ydtPEM nHvTmkQzZoVQuUSl3ii7LalBEKi4kBus/Ql5Mvqr7VTf5AZAxfo= =2TOx -----END PGP SIGNATURE-----
--- End Message ---
