-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 07 Sep 2020 08:29:03 +1000 Source: golang-go.crypto Binary: golang-golang-x-crypto-dev golang-go.crypto-dev Architecture: source all Version: 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1 Distribution: stretch-security Urgency: medium Maintainer: Debian Go Packaging Team <pkg-go-maintainers@lists.alioth.debian.org> Changed-By: Brian May <bam@debian.org> Description: golang-go.crypto-dev - Transitional package for golang-golang-x-crypto-dev golang-golang-x-crypto-dev - Supplementary Go cryptography libraries Changes: golang-go.crypto (1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1) stretch-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * Fix CVE-2019-11841: reject potentially misleading headers and messages. * Fix CVE-2019-11840: fix keystream loop in amd64 assembly when overflowing 32-bit counter. * Fix CVE-2020-9283: signature verification could cause Panic when given invalid Public key. Checksums-Sha1: 911c7829c2fb06aba46055506558dde0eb2da2c6 2748 golang-go.crypto_0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1.dsc ed416354f9339ceb33e5bdd60132398aecbdef79 1100132 golang-go.crypto_0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782.orig.tar.xz ab2594c955bcdc169bcdf4bd90ae07bb5d4535dd 16428 golang-go.crypto_0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1.debian.tar.xz 71d9e20260a7c73726e25fa7cb036d7fdce3d6ec 3912 golang-go.crypto-dev_0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1_all.deb 66fb08b478cec4bbfc292b28cd823aa7942a24b8 7120 golang-go.crypto_0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1_amd64.buildinfo 213bc993c92e8a679734c29509f048a87dec6425 1109094 golang-golang-x-crypto-dev_0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1_all.deb Checksums-Sha256: 056ff5c2012add98b913c1d212717f6b13d2dc4cd37827f0a4e70ae031f26e7c 2748 golang-go.crypto_0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1.dsc a0697187211be58315cd5bf64831c6560295002676c41ef2a06d11536ca5f723 1100132 golang-go.crypto_0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782.orig.tar.xz 650f14db324b5f7f401e7256671366e48bc5349b4382d78a6768142a87040dae 16428 golang-go.crypto_0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1.debian.tar.xz 8e1e60228049ac3692b8b8ee357d5b6c44d6ebb4ecf14a214fc5ac023071fc5e 3912 golang-go.crypto-dev_0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1_all.deb d9f0a448ecb884bab2c5a243e48d84d7656d71bd094a74d52bd026376511ad7a 7120 golang-go.crypto_0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1_amd64.buildinfo ad37d9f3bdffe861f6bf648ce4fb71f487056eb7f043633c6c1972cac4cda6c9 1109094 golang-golang-x-crypto-dev_0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1_all.deb Files: baec32dfe3c6dcb80afe9b97ff274b17 2748 devel extra golang-go.crypto_0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1.dsc e66ac1fd994db1dd282a3c64a6c3ae7c 1100132 devel extra golang-go.crypto_0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782.orig.tar.xz 1d5d5bcf607ec66081b48e9e17159906 16428 devel extra golang-go.crypto_0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1.debian.tar.xz e2e6df7b3c2516c6450fda3c2943b8a7 3912 oldlibs extra golang-go.crypto-dev_0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1_all.deb 151a34df99465febbf59d048bb9d974c 7120 devel extra golang-go.crypto_0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1_amd64.buildinfo 555fe5fb45f2cd6a5b3732a697128904 1109094 devel extra golang-golang-x-crypto-dev_0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEKpwfR8DOwu5vyB4TKpJZkldkSvoFAl9+Q0gACgkQKpJZkldk Svrmqg//cLkMvU5Dxev6cJQkvjY/hn/X4ynljJjUic06WjDZk12Yhw3OHCCQvXK5 SLFLotxlQV335SE8ko9pQZyriX0+6MHn4TDjN/nH4rTnjQ9dkYJDAFNUe8FxqwXz wEPPT7EebWOuFFmo+RHF/GSJl6xpxwf6CVu6k0vC7o1f2d7LR4/mr/sKxMLbxt6n gMAjIJegCQ8FBAjNF0608hCIxP+6oLZWwYfjZPhs3DRZiVBjYMG7Wk100vGpNYT+ 5k3eNwBX9u5yG9GtC842B9rqlKR/TKD0JB8fEaAULww0TvGlba1hn+znz/z/P/7Q vz6UvDdCNDSJIMXyBd99ksjdMZalXGNPPQaoktQxdgc/JvL+Yni1OxjWgbu1yfZP q12n3WxjSTjnmI8JDt7GfIIVPyp3bwZvSGASWBcyfx/ynTqHp779xFvOoxotJVG1 RNP3cJZhkkbbORak/gvMSzVUclunPnaq+o5/3d2W37I/kBHente+W2OPChXvpjPJ VNxtJzxF2diqOsXq1aejz7bZWQFpnhu2RE24mSBQNTYYzQORrrldSrYF4bqiXBrK L225/4OlIUu7/Y4fr07HhzrKlRZpzDff1x34WYgs5rcu/4LTkhKs2aekq60ePylW Uv1Qry/gR+aJFn2KGT8Y0fcIC4+6rNvjn1Fz5AIJKh7DMM4t1I0= =UGpt -----END PGP SIGNATURE-----