Debian Package Tracker - golang-go.crypto

general

source: golang-go.crypto (main)
version: 1:0.0~git20181203.505ab14-1
maintainer: Debian Go Packaging Team [DMD]
uploaders: Michael Stapelberg [DMD] – Anthony Fok [DMD]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 0.0~hg190-1
stable: 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1
stable-bpo: 1:0.0~git20180513.94e3fad-2~bpo9+1
testing: 1:0.0~git20181203.505ab14-1
unstable: 1:0.0~git20181203.505ab14-1

versioned links

0.0~hg190-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:0.0~git20180513.94e3fad-2~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:0.0~git20181203.505ab14-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

golang-golang-x-crypto-dev

action needed

A new upstream version is available: 0.0~git20190611.5c40567 high

A new upstream version 0.0~git20190611.5c40567 is available, you should consider packaging it.

Created: 2019-01-05 Last update: 2019-06-20 22:16

2 security issues in jessie high

There are 2 open security issues in jessie.

1 important issue:

CVE-2019-11840: An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.

1 issue skipped by the security teams:

CVE-2017-3204: The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.

Please fix them.

Created: 2017-04-05 Last update: 2019-05-29 12:45

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2019-11840: An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.

Please fix it.

Created: 2019-05-29 Last update: 2019-05-29 12:45

1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:

CVE-2019-11840: An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.

Please fix it.

Created: 2019-05-29 Last update: 2019-05-29 12:45

1 security issue in stretch high

There is 1 open security issue in stretch.

1 important issue:

CVE-2019-11840: An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.

Please fix it.

Created: 2019-05-29 Last update: 2019-05-29 12:45

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit dfc49bae4dce61326f4b05c520f294135da431e0
Author: Anthony Fok <foka@debian.org>
Date:   Tue Jan 1 00:29:33 2019 -0700

    Remove Lintian override debian-watch-file-is-missing
    
    because we now have a debian/watch file.

Created: 2018-10-18 Last update: 2019-06-20 14:04

news

[rss feed]

[2019-01-03] golang-go.crypto 1:0.0~git20181203.505ab14-1 MIGRATED to testing (Debian testing watch)
[2019-01-01] Accepted golang-go.crypto 1:0.0~git20181203.505ab14-1 (source) into unstable (Anthony Fok)
[2018-06-19] golang-go.crypto 1:0.0~git20180614.a8fb68e-1 MIGRATED to testing (Debian testing watch)
[2018-06-16] Accepted golang-go.crypto 1:0.0~git20180614.a8fb68e-1 (source) into unstable (Alexandre Viau)
[2018-06-16] golang-go.crypto 1:0.0~git20180613.37a17fe-1 MIGRATED to testing (Debian testing watch)
[2018-06-14] Accepted golang-go.crypto 1:0.0~git20180613.37a17fe-1 (source) into unstable (Dr. Tobias Quathamer)
[2018-05-22] Accepted golang-go.crypto 1:0.0~git20180513.94e3fad-2~bpo9+1 (source all) into stretch-backports, stretch-backports (Anthony Fok)
[2018-05-21] golang-go.crypto 1:0.0~git20180513.94e3fad-2 MIGRATED to testing (Debian testing watch)
[2018-05-17] Accepted golang-go.crypto 1:0.0~git20180513.94e3fad-2 (source all) into unstable (Anthony Fok)
[2018-05-14] Accepted golang-go.crypto 1:0.0~git20180513.94e3fad-1 (source all) into unstable (Anthony Fok)
[2018-04-05] golang-go.crypto 1:0.0~git20180322.88942b9-1 MIGRATED to testing (Debian testing watch)
[2018-03-30] Accepted golang-go.crypto 1:0.0~git20180322.88942b9-1 (source) into unstable (Dr. Tobias Quathamer)
[2018-02-09] golang-go.crypto 1:0.0~git20170629.0.5ef0053-2 MIGRATED to testing (Debian testing watch)
[2018-02-03] Accepted golang-go.crypto 1:0.0~git20170629.0.5ef0053-2 (source) into unstable (Michael Lustfield)
[2017-07-06] golang-go.crypto 1:0.0~git20170629.0.5ef0053-1 MIGRATED to testing (Debian testing watch)
[2017-06-30] Accepted golang-go.crypto 1:0.0~git20170629.0.5ef0053-1 (source all) into unstable (Anthony Fok)
[2017-05-04] Accepted golang-go.crypto 1:0.0~git20170425.0.c7af5bf-1 (source) into experimental (Michael Lustfield)
[2017-05-01] Accepted golang-go.crypto 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1~bpo8+1 (source all) into jessie-backports->backports-policy, jessie-backports (Michael Lustfield)
[2017-04-30] golang-go.crypto 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1 MIGRATED to testing (Debian testing watch)
[2017-04-26] Accepted golang-go.crypto 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1 (source) into unstable (Michael Lustfield)
[2017-04-08] Accepted golang-go.crypto 1:0.0~git20170407.0.55a552f-1 (source) into unstable (Michael Lustfield)
[2017-02-13] Accepted golang-go.crypto 1:0.0~git20161012.0.5f31782-1~bpo8+1 (source all) into jessie-backports (Martín Ferrari)
[2016-10-21] golang-go.crypto 1:0.0~git20161012.0.5f31782-1 MIGRATED to testing (Debian testing watch)
[2016-10-15] Accepted golang-go.crypto 1:0.0~git20161012.0.5f31782-1 (source all) into unstable (Anthony Fok)
[2016-09-03] golang-go.crypto 1:0.0~git20160824.0.351dc6a-1 MIGRATED to testing (Debian testing watch)
[2016-08-28] Accepted golang-go.crypto 1:0.0~git20160824.0.351dc6a-1 (source all) into unstable (Anthony Fok)
[2016-06-14] golang-go.crypto 1:0.0~git20160607.0.77f4136-1 MIGRATED to testing (Debian testing watch)
[2016-06-08] Accepted golang-go.crypto 1:0.0~git20160607.0.77f4136-1 (source all) into unstable (Anthony Fok)
[2016-05-29] Accepted golang-go.crypto 1:0.0~git20151201.0.7b85b09-2~bpo8+1 (source all) into jessie-backports, jessie-backports (Martín Ferrari)
[2015-12-10] golang-go.crypto 1:0.0~git20151201.0.7b85b09-2 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:0.0~git20180614.a8fb68e-1
1 bug