2017-10-19 02:22:52 +02:00
|
|
|
# From https://golang.org/dl/
|
package/go: security bump to version 1.13.3
Fixes the following security issues (1.33.2):
- CVE-2019-17596: Invalid DSA public keys can cause a panic in dsa.Verify.
In particular, using crypto/x509.Verify on a crafted X.509 certificate
chain can lead to a panic, even if the certificates don’t chain to a
trusted root. The chain can be delivered via a crypto/tls connection to a
client, or to a server that accepts and verifies client certificates.
net/http clients can be made to crash by an HTTPS server, while net/http
servers that accept client certificates will recover the panic and are
unaffected.
Additionally, 1.13.3 fixes a number of issues. From the release notes:
Fixes to the go command, the toolchain, the runtime, syscall, net, net/http,
and crypto/ecdsa packages
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-27 22:27:28 +01:00
|
|
|
sha256 4f7123044375d5c404280737fbd2d0b17064b66182a65919ffe20ffe8620e3df go1.13.3.src.tar.gz
|
2018-11-06 23:28:10 +01:00
|
|
|
sha256 2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067 LICENSE
|
