go: security bump to version 1.7.4 - buildroot

diff options

author	Peter Korsgaard <peter@korsgaard.com>	2017-01-23 16:17:46 +0100
committer	Peter Korsgaard <peter@korsgaard.com>	2017-01-24 12:30:34 +0100
commit	9227779188b3fc65b513c46de0b5e1bc056fea8e (patch)
tree	dc431424a912a21e3cd5087020f2c51c7bbde96f /package/python-pycli/python-pycli.mk
parent	7979d1ba7126b4c02fcdbb5dd7685ecfd9664d80 (diff)
download	buildroot-9227779188b3fc65b513c46de0b5e1bc056fea8e.tar.gz buildroot-9227779188b3fc65b513c46de0b5e1bc056fea8e.zip

go: security bump to version 1.7.4

On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate. This is addressed by https://golang.org/cl/33721, tracked in https://golang.org/issue/18141. Thanks to Xy Ziemba for identifying and reporting this issue. The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors. This is addressed by https://golang.org/cl/30410, tracked in https://golang.org/issue/17965. Thanks to Simon Rawet for the report. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 5c9db62171cefb125193a6f814a0046536fc76a1)

Diffstat (limited to 'package/python-pycli/python-pycli.mk')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: