go: security bump to version 1.7.4 - buildroot

diff options

author	Peter Korsgaard <peter@korsgaard.com>	2017-01-23 16:17:46 +0100
committer	Peter Korsgaard <peter@korsgaard.com>	2017-01-23 23:01:27 +0100
commit	5c9db62171cefb125193a6f814a0046536fc76a1 (patch)
tree	76a13eec9d9ec31e8ba34060f308d213a11f8bce /package/python-logbook/python-logbook.hash
parent	5e2f55d41f9c0e86376d84f3829393b418bea039 (diff)
download	buildroot-5c9db62171cefb125193a6f814a0046536fc76a1.tar.gz buildroot-5c9db62171cefb125193a6f814a0046536fc76a1.zip

go: security bump to version 1.7.4

On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate. This is addressed by https://golang.org/cl/33721, tracked in https://golang.org/issue/18141. Thanks to Xy Ziemba for identifying and reporting this issue. The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors. This is addressed by https://golang.org/cl/30410, tracked in https://golang.org/issue/17965. Thanks to Simon Rawet for the report. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Diffstat (limited to 'package/python-logbook/python-logbook.hash')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: