Hi all,

CVE-2022-27191 was published recently for golang-x-crypto and a BZ ticket[2] has been opened for every package that depends on it. It has a 7.5 score for CVSS 3.x.

FWIU, in order to fix this CVE, a new version of golang-x-crypto and rebuilding all dependent packages is required. I opened a PR[3] to update golang-x-crypto as the first step. As I'm still not part of go-sig, can someone review, merge if OK and build it for current Fedora releases?

I applied today to be a member of go-sig[4] to help with this and other tasks, but don't know how long it will take to be accepted.

Kind regards,
Mikel Olasagasti (mikelo2)

[1] https://nvd.nist.gov/vuln/detail/CVE-2022-27191
[2] https://bugzilla.redhat.com/show_bug.cgi?id=2064702
[3] https://src.fedoraproject.org/rpms/golang-x-crypto/pull-request/2
[4] https://pagure.io/GoSIG/go-sig/issue/1#comment-792166
