A security-related issue was recently reported in Go's crypto/elliptic package. To address this issue, we have just released Go 1.7.6 and Go 1.8.2.
The Go team would like to thank Vlad Krasnov and Filippo Valsorda at Cloudflare for reporting the issue and providing a fix. The issue affects Go's P-256 implementation on the 64-bit x86 architecture. This is CVE-2017-8932 and was addressed by this change: https://golang.org/cl/41070, tracked in this issue: https://golang.org/issue/20040 Downloads are available at https://golang.org/dl for all supported platforms. We will be releasing Go 1.8.3 later today, which will additionally include some non-security fixes. Cheers, Chris (on behalf of the Go team) -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
