[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Re: CVE request for math/big.Exp
From:       Jessie Frazelle <jess () docker ! com>
Date:       2015-12-22 22:50:51
Message-ID: CAKPjEProU-z8yLBZLuPAMGW0iWZtewaKwJVLbHNJqWGVD7xNnA () mail ! gmail ! com
[Download RAW message or body]


do you plan on backporting the commit Florian mentioned as well?

On Tue, Dec 22, 2015 at 1:24 PM, Jason Buberel <jbuberel@google.com> wrote:

> The Go team plans to release Go 1.5.3 on Wednesday, January 13th to address
> this issue.
>
> On Tue, Dec 22, 2015 at 12:36 PM <cve-assign@mitre.org> wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > > The problem that was
> > > identified is similar to CVE-2015-3193
> >
> > >> math/big: fix carry propagation in Int.Exp Montgomery code
> > >> src/math/big/nat.go
> >
> > Use CVE-2015-8618.
> >
> > - --
> > CVE assignment team, MITRE CVE Numbering Authority
> > M/S M300
> > 202 Burlington Road, Bedford, MA 01730 USA
> > [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1
> >
> > iQIcBAEBCAAGBQJWebPbAAoJEL54rhJi8gl5LMsP/20/WzubhID16KKW84qnlMAo
> > F6w3/kPkfTTBr+42W3bNZYSCY0ieVwQsvTN6uz8GrMxJ6H/Vko3H17ltXZAx0nxP
> > Vc53H2QbAiyCaaUA6+vqAeosjBbBhvXNkw7Dj9utDu1hJ2rbBtf5ujddF48CxjoJ
> > +Fsrr7TYHX3Su/4r7MNtBtcMjOeWfD3xB+h++Lp5CL/z4tRKXBS02OM+tlVvdGvq
> > llQQ8dwGIYaJv8v3ZIIdXk1dzurws2B6gvF6uDeaseXtbFpMbRpXxgeFddLowjtZ
> > th9I7oxQUvFASrraIQrobaKPpEOfDJrMjhVzFHPtEFtTvrR71qYqq58NXaoflGV1
> > gEtSptbjm5sAwsjxOWhOVO+wA9JHA8upV2ZVxczdeFGlvyko2KBWdMorjEIWLQGI
> > x2DbkL2+hXlCJfZZUfNy0BjyGpZPGlmT7ZAYguxz6VTT/EC67gJ6pkiv5mZKOeBY
> > PHtH7UaYVBYwh6h5opdmvhkhTJ/a9lXhIez5s5HhX01P31DHmx6RLUMeTBikjwmz
> > IFOEulqQhAH0Qtp2XvPAMKeICXpEv7iWmoP8yNAYQ0SzS4awc7ZjK1mcRka1hcY5
> > Bc5nbQvbZGPag0QeyYPdKyYuNqugj6d3J81kIlcpNfjCT1lSVhxxwjQQzlpi0FCR
> > YJqwm2p3NhpjW57fGRux
> > =HP2t
> > -----END PGP SIGNATURE-----
> >
>


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic