On 10 August 2015 at 09:45, Salvatore Bonaccorso <car...@debian.org> wrote: > See https://marc.info/?l=oss-security&m=143885136906807&w=2 for the > CVE assignments for the issues.
Looks like we need to work on backporting three commits to 1.0.2, 1.3.3, and 1.4.2: - https://github.com/golang/go/commit/117ddcb83d7f42d6aa72241240af99ded81118e9 - https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f - https://github.com/golang/go/commit/143822585e32449860e624cace9d2e521deee62e I foolishly started my attempts with 1.0.2 so I'm not making a lot of progress. I'd imagine the patches will be simpler to apply to 1.4.2 first (since it's much more recent and should have a more familiar codebase to what the patches are expecting). ♥, - Tianon 4096R / B42F 6819 007F 00F8 8E36 4FD4 036A 9C25 BF35 7DD4 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
