* [Buildroot] [git commit branch/2021.05.x] package/go: security bump version to 1.16.6
@ 2021-08-06 20:44 Peter Korsgaard
0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2021-08-06 20:44 UTC (permalink / raw)
To: buildroot
[-- Attachment #1: Type: text/plain, Size: 2168 bytes --]
commit: https://git.buildroot.net/buildroot/commit/?id=d1118e42895df84c220167872fe88b94e9936183
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2021.05.x
These minor releases include a security fix according to the new security policy (#44918).
crypto/tls clients can panic when provided a certificate of the wrong type for the negotiated parameters.
net/http clients performing HTTPS requests are also affected. The panic can be triggered by an attacker
in a privileged network position without access to the server certificate's private key, as long as a trusted
ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with
Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher
suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.
This is CVE-2021-34558.
View the release notes for more information:
https://golang.org/doc/devel/release.html#go1.16.minor
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 806b26950d51de22ffbbed0c975e7317982eeb30)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/go/go.hash | 2 +-
package/go/go.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/go/go.hash b/package/go/go.hash
index bc6147bb52..cd7f2b3813 100644
--- a/package/go/go.hash
+++ b/package/go/go.hash
@@ -1,3 +1,3 @@
# From https://golang.org/dl/
-sha256 7bfa7e5908c7cc9e75da5ddf3066d7cbcf3fd9fa51945851325eebc17f50ba80 go1.16.5.src.tar.gz
+sha256 a3a5d4bc401b51db065e4f93b523347a4d343ae0c0b08a65c3423b05a138037d go1.16.6.src.tar.gz
sha256 2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067 LICENSE
diff --git a/package/go/go.mk b/package/go/go.mk
index 4252691343..7d6355df92 100644
--- a/package/go/go.mk
+++ b/package/go/go.mk
@@ -4,7 +4,7 @@
#
################################################################################
-GO_VERSION = 1.16.5
+GO_VERSION = 1.16.6
GO_SITE = https://storage.googleapis.com/golang
GO_SOURCE = go$(GO_VERSION).src.tar.gz
[-- Attachment #2: Type: text/plain, Size: 145 bytes --]
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2021-08-06 21:06 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-06 20:44 [Buildroot] [git commit branch/2021.05.x] package/go: security bump version to 1.16.6 Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.