Hi
Now the patch is available again in case you want to do the update.
/ Ola
Den fre 19 mars 2021 17:40Ola Lundqvist skrev:
> Hi
>
> I do not really think it is worth it. But that is more related to the fact
> that I have not understood what the security problem is.
>
> Yes, my site is down. I
Hi
I do not really think it is worth it. But that is more related to the fact
that I have not understood what the security problem is.
Yes, my site is down. It is concluded to be just ash right now. I have a
backup so I should be able to upload the patch to somewhere else.
// Ola
On Thu, 18 Mar
Hello,
On Tue, Mar 9, 2021 at 11:15 PM Sylvain Beucler wrote:
> > You can find the patch here:
> > http://apt.inguza.net/stretch-lts/golang-gogoprotobuf/CVE-2021-3121-1.patch
Ola, can you move that patch to somewhere else? Because I guess your
site is still down. :(
> It should be noted that go
Hi Sylvain and all
Sylvain Thank you for pointing me to this.
I have checked the first three packages in the list you gave and all have
"skippy in it". Some many times.
All: The conclusion I draw is that we should not fix CVE-2021-3121 or any
other golang packages.
Or should we rebuild as we seem
Hi,
I'll let the Go packagers answer authoritatively but as I'm currently
working on golang fixes I'd like to share a few points:
On 08/03/2021 22:48, Ola Lundqvist wrote:
I have prepared a patch for CVE-2021-3121 described in:
https://security-tracker.debian.org/tracker/CVE-2021-3121
You
Hi
I have prepared a patch for CVE-2021-3121 described in:
https://security-tracker.debian.org/tracker/CVE-2021-3121
You can find the patch here:
http://apt.inguza.net/stretch-lts/golang-gogoprotobuf/CVE-2021-3121-1.patch
The patch is based on the following commit:
https://github.com/gogo/protob
