---
- branch: pkgsrc-2018Q4
  date: Fri Feb  8 11:31:19 UTC 2019
  files:
  - new: 1.53.2.2
    old: 1.53.2.1
    path: pkgsrc/lang/go/version.mk
    pathrev: pkgsrc/lang/go/version.mk@1.53.2.2
    type: modified
  - new: 1.4.2.1
    old: '1.4'
    path: pkgsrc/lang/go111/distinfo
    pathrev: pkgsrc/lang/go111/distinfo@1.4.2.1
    type: modified
  id: 20190208T113119Z.0d3d643e49f1135d18fbca9112588bf535fde4b5
  log: |
    Pullup ticket #5906 - requested by bsiegert
    lang/go111: security update

    Revisions pulled up:
    - lang/go/version.mk                                            1.54
    - lang/go111/distinfo                                           1.5

    -------------------------------------------------------------------
       Module Name:    pkgsrc
       Committed By:   bsiegert
       Date:           Thu Jan 24 09:26:21 UTC 2019

       Modified Files:
               pkgsrc/lang/go: version.mk
               pkgsrc/lang/go111: distinfo

       Log Message:
       Update go111 to 1.11.5 (security).

       This release addresses a recently supported security issue. This DoS
       vulnerability in the crypto/elliptic implementations of the P-521 and P-384
       elliptic curves may let an attacker craft inputs that consume excessive
       amounts of CPU.

       These inputs might be delivered via TLS handshakes, X.509 certificates, JWT
       tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private
       key is reused more than once, the attack can also lead to key recovery.

       The issue is CVE-2019-6486 and Go issue golang.org/issue/29903.
       See the Go issue for more details.

       To generate a diff of this commit:
       cvs rdiff -u -r1.53 -r1.54 pkgsrc/lang/go/version.mk
       cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/go111/distinfo
  module: pkgsrc
  subject: 'CVS commit: [pkgsrc-2018Q4] pkgsrc/lang'
  unixtime: '1549625479'
  user: spz