Branch sisyphus update bulletin.

Package golang updated to version 1.4.2-alt1 for branch sisyphus in task 143997.

Published: 2014-10-07
Modified: 2024-11-21

CVE-2014-7189

crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.

Severity: MEDIUM (4.3)

References:

[oss-security] 20140926 Re: CVE Request: Go crypto/tls vulnerability
70156
go-cve20147189-sec-bypass(96693)
https://groups.google.com/forum/#%21msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ
[oss-security] 20140926 Re: CVE Request: Go crypto/tls vulnerability
https://groups.google.com/forum/#%21msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ
go-cve20147189-sec-bypass(96693)
70156

Version: 2.1.0

Branch sisyphus update on 2015-05-04

ALT-BU-2015-2440-1

ALT-PU-2015-1421-1

Closed vulnerabilities

CVE-2014-7189