---
- branch: MAIN
  date: Thu Jan 24 09:33:08 UTC 2019
  files:
  - new: '1.55'
    old: '1.54'
    path: pkgsrc/lang/go/version.mk
    pathrev: pkgsrc/lang/go/version.mk@1.55
    type: modified
  - new: '1.4'
    old: '1.3'
    path: pkgsrc/lang/go110/distinfo
    pathrev: pkgsrc/lang/go110/distinfo@1.4
    type: modified
  id: 20190124T093308Z.d7d459691d405b6d814046110b7eadd50668aa84
  log: |
    Update go110 to 1.10.8 (security).

    This release addresses a recently supported security issue. This DoS
    vulnerability in the crypto/elliptic implementations of the P-521 and P-384
    elliptic curves may let an attacker craft inputs that consume excessive
    amounts of CPU.

    These inputs might be delivered via TLS handshakes, X.509 certificates, JWT
    tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private
    key is reused more than once, the attack can also lead to key recovery.

    The issue is CVE-2019-6486 and Go issue golang.org/issue/29903.
    See the Go issue for more details.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/lang'
  unixtime: '1548322388'
  user: bsiegert