Fedora has issued an advisory on December 12: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7AFKMHIPFDN2WA6H2U45OW535UPNQEBX/ The issue is fixed in 1.6.4 and there's a link to the upstream patch here: https://bugzilla.redhat.com/show_bug.cgi?id=1401985 Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
URL: (none) => https://lwn.net/Vulnerabilities/708996/
1.6.4 doesn't build out of the box. Reported upstream in https://github.com/golang/go/issues/18491 I'll update cauldron to 1.7.4 and cherry pick the fix for 1.6.3 in MGA5.
Status: NEW => ASSIGNED
MGA 5 has a proposed fix with 1.6.4. I have pushed it to updates_testing. I'll provide that one for cauldron too, while working on a more recent version (but doesn't work out of the box for now)
Assignee: bruno => qa-bugs
Bruno also added the advisory in SVN (same description as in the RedHat Bugzilla, as seen on the LWN entry). Thanks Bruno!
CC: (none) => brunoVersion: Cauldron => 5Whiteboard: MGA5TOO => advisory
Prior to testing this, had a look at test procedure possibilities in Bug 19102; but need to clarify that before trying to employ it.
CC: (none) => lewyssmith
Testing M5 x64, OK Following https://bugs.mageia.org/show_bug.cgi?id=19102#c11 using the two simple scripts provided: https://bugs.mageia.org/attachment.cgi?id=8444 https://bugs.mageia.org/attachment.cgi?id=8445 for which many thanks to Len for his groundwork. BEFORE the update, I installed: golang-1.6.3-1.mga5 golang-bin-1.6.3-1.mga5 golang-misc-1.6.3-1.mga5 golang-shared-1.6.3-1.mga5 golang-src-1.6.3-1.mga5 golang-tests-1.6.3-1.mga5 $ go run dup1.go < dup1.go 5 2 } correctly reports 5 blank lines and two occurrences of " }". $ go test fail_test.go --- FAIL: TestErrorreport (0.00s) fail_test.go:6: I'm in a bad mood. FAIL FAIL command-line-arguments 0.007s which is correct. AFTER seamless update to: golang-1.6.4-1.mga5 golang-bin-1.6.4-1.mga5 golang-misc-1.6.4-1.mga5 golang-shared-1.6.4-1.mga5 golang-src-1.6.4-1.mga5 golang-tests-1.6.4-1.mga5 the two tests gave the same output as previously. Update deemed OK.
Whiteboard: advisory => advisory MGA5-64-OK
$ uname -a Linux localhost 4.4.39-desktop-1.mga5 #1 SMP Fri Dec 16 18:52:20 UTC 2016 i686 i686 i686 GNU/Linux To satisfy dependencies, the following package(s) also need to be installed: - gcc-4.9.2-4.1.mga5.i586 - gcc-cpp-4.9.2-4.1.mga5.i586 - golang-bin-1.6.4-1.mga5.i586 - golang-src-1.6.4-1.mga5.noarch - libmpc3-1.0.2-4.mga5.i586 I repeated Lewis' tests and experienced the same results This is ready to go 32-bit
Keywords: (none) => validated_updateWhiteboard: advisory MGA5-64-OK => advisory MGA5-64-OK mga5-32-okCC: (none) => brtians1, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0019.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED