NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
113fc1042c
kumquat-buildroot/package/go/go.hash
Peter Korsgaard 5c9db62171 go: security bump to version 1.7.4 
On Darwin, user's trust preferences for root certificates were not honored.
If the user had a root certificate loaded in their Keychain that was
explicitly not trusted, a Go program would still verify a connection using
that root certificate.  This is addressed by https://golang.org/cl/33721,
tracked in https://golang.org/issue/18141.  Thanks to Xy Ziemba for
identifying and reporting this issue.

The net/http package's Request.ParseMultipartForm method starts writing to
temporary files once the request body size surpasses the given "maxMemory"
limit.  It was possible for an attacker to generate a multipart request
crafted such that the server ran out of file descriptors.  This is addressed
by https://golang.org/cl/30410, tracked in https://golang.org/issue/17965.
Thanks to Simon Rawet for the report.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-23 23:01:27 +01:00

3 lines
112 B
Plaintext
Raw Blame History

# Locally computed:
sha256 4c189111e9ba651a2bb3ee868aa881fab36b2f2da3409e80885ca758a6b614cc go1.7.4.src.tar.gz
Reference in New Issue View Git Blame Copy Permalink