Upstream has announced a security issue in Go: http://openwall.com/lists/oss-security/2015/07/29/7 It will be fixed in 1.4.3. Apparently, only Cauldron is affected. Reproducible: Steps to Reproduce:
Fedora has issued an advisory for this on August 7: https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163980.html There are more details, including upstream commits, CVE assignments, and a note about possibly another existing issue, in the RedHat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1250352
URL: (none) => http://lwn.net/Vulnerabilities/654887/Summary: golang new security issue to be fixed in 1.4.3 => golang new security issue to be fixed in 1.4.3 (CVE-2015-5739 CVE-2015-5740 CVE-2015-5741)
Severity: normal => major
Joseph, _again_ you are ignoring security bug that is assigned to you...
CC: (none) => mageia
(In reply to Sander Lepik from comment #2) > Joseph, _again_ you are ignoring security bug that is assigned to you... Then perhaps he should not be the maintainer.
CC: (none) => cooker
Fixed in golang-1.4.3-1.mga6 by Joseph.
Status: NEW => RESOLVEDResolution: (none) => FIXED