Branch c7.1 update bulletin.

Package golang updated to version 1.4.2-alt0.M70C.1 for branch c7.1 in task 210496.

Published: 2014-10-07
Modified: 2024-11-21

CVE-2014-7189

crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.

Severity: MEDIUM (4.3)

References:

[oss-security] 20140926 Re: CVE Request: Go crypto/tls vulnerability
70156
go-cve20147189-sec-bypass(96693)
https://groups.google.com/forum/#%21msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ
[oss-security] 20140926 Re: CVE Request: Go crypto/tls vulnerability
https://groups.google.com/forum/#%21msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ
go-cve20147189-sec-bypass(96693)
70156

Не находит корневой сертификат

Не собирается, если указывать опцию -а

Version: 2.1.0

Branch c7.1 update on 2018-08-02

ALT-BU-2018-3377-1

ALT-PU-2018-2072-1

Closed vulnerabilities

CVE-2014-7189

Closed bugs

Bug #29449

Bug #29508