Re: golang-go.crypto / CVE-2019-11841

2020-10-04 Thread Utkarsh Gupta
Hi Brian,

On Mon, Oct 5, 2020 at 3:35 AM Brian May wrote:
> I wasn't sure it was going to be worth it?

Maybe not for an independent DLA but we could always piggyback them along with the ones that do. (at least that's my opinion!)

> $ patch --dry-run -p1 < ../CVE-2020-9283.patch
> checking file

Re: golang-go.crypto / CVE-2019-11841

2020-10-04 Thread Brian May
Utkarsh Gupta writes:

> On Mon, Oct 5, 2020 at 3:03 AM Brian May wrote:
>> I also had a look at CVE-2020-9283 (no DSA) - an invalid public key can
>> cause a panic - however I feel this is not really a security issue.
>
> But still, in case you can include a fix for this in this upload,
> that'd

Re: golang-go.crypto / CVE-2019-11841

2020-10-04 Thread Utkarsh Gupta
Hi Brian,

Thanks for your work!

On Mon, Oct 5, 2020 at 3:03 AM Brian May wrote:
> I also had a look at CVE-2020-9283 (no DSA) - an invalid public key can
> cause a panic - however I feel this is not really a security issue.

But still, in case you can include a fix for this in this upload, that'

Re: golang-go.crypto / CVE-2019-11841

2020-10-04 Thread Brian May
Attached is my patch for golang-go.crypto which I intend to upload tomorrow for:

* CVE-2019-11840
* CVE-2019-11841

I also had a look at CVE-2020-9283 (no DSA) - an invalid public key can cause a panic - however I feel this is not really a security issue.

--
Brian May

diff -Nru golang-go.crypto-