Bug 16497

Summary: golang new security issue to be fixed in 1.4.3 (CVE-2015-5739 CVE-2015-5740 CVE-2015-5741)
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Joseph Wang <joequant>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: cooker, mageia
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/654887/
Whiteboard:
Source RPM: golang-1.4.2-1.mga6.src.rpm CVE:
Status comment:

Description David Walser 2015-07-29 18:22:24 CEST 
Upstream has announced a security issue in Go:
http://openwall.com/lists/oss-security/2015/07/29/7

It will be fixed in 1.4.3.  Apparently, only Cauldron is affected.

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-08-18 17:08:44 CEST 
Fedora has issued an advisory for this on August 7:
https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163980.html

There are more details, including upstream commits, CVE assignments, and a note about possibly another existing issue, in the RedHat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1250352

URL: (none) => http://lwn.net/Vulnerabilities/654887/
Summary: golang new security issue to be fixed in 1.4.3 => golang new security issue to be fixed in 1.4.3 (CVE-2015-5739 CVE-2015-5740 CVE-2015-5741)

David Walser 2015-08-18 17:08:53 CEST

Severity: normal => major

Comment 2 Sander Lepik 2015-09-19 21:38:45 CEST 
Joseph, _again_ you are ignoring security bug that is assigned to  you...

CC: (none) => mageia

Comment 3 Johnny A. Solbu 2015-09-27 18:20:57 CEST 
(In reply to Sander Lepik from comment #2)
> Joseph, _again_ you are ignoring security bug that is assigned to  you...

Then perhaps he should not be the maintainer.

CC: (none) => cooker

Comment 4 David Walser 2015-09-28 15:27:52 CEST 
Fixed in golang-1.4.3-1.mga6 by Joseph.

Status: NEW => RESOLVED
Resolution: (none) => FIXED