---
- branch: MAIN
  date: Thu May 25 09:06:43 UTC 2017
  files:
  - new: '1.52'
    old: '1.51'
    path: pkgsrc/lang/go/Makefile
    pathrev: pkgsrc/lang/go/Makefile@1.52
    type: modified
  - new: '1.49'
    old: '1.48'
    path: pkgsrc/lang/go/distinfo
    pathrev: pkgsrc/lang/go/distinfo@1.49
    type: modified
  - new: '1.26'
    old: '1.25'
    path: pkgsrc/lang/go/version.mk
    pathrev: pkgsrc/lang/go/version.mk@1.26
    type: modified
  id: 20170525T090643Z.d0289a95f570380ccdf5674274ace33241e82605
  log: |
    SECURITY: Update Go to 1.8.2, fixing CVE-2017-8932,
    carry bug in x86-64 P-256.

    A security-related issue was recently reported in Go's crypto/elliptic package.
    To address this issue, we have just released Go 1.7.6 and Go 1.8.2.

    The Go team would like to thank Vlad Krasnov and Filippo Valsorda at Cloudflare
    for reporting the issue and providing a fix.

    The issue affects Go's P-256 implementation on the 64-bit x86 architecture.

    This is CVE-2017-8932 and was addressed by this change:
    https://golang.org/cl/41070, tracked in this issue:
    https://golang.org/issue/20040
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/lang/go'
  unixtime: '1495703203'
  user: bsiegert