02dec48bab
Includes a security fix for crypto/elliptic (CVE-2023-24532). > go1.20.2 (released 2023-03-07) includes a security fix to the crypto/elliptic package, > as well as bug fixes to the compiler, the covdata command, the linker, the runtime, and > the crypto/ecdh, crypto/rsa, crypto/x509, os, and syscall packages. > See the Go 1.20.2 milestone on our issue tracker for details. https://go.dev/doc/devel/release#go1.20.minor From the announcement: > We have just released Go versions 1.20.2 and 1.19.7, minor point releases. > > These minor releases include 1 security fixes following the security policy: > > - crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results > > The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an > incorrect result if called with some specific unreduced scalars (a scalar larger > than the order of the curve). > > This does not impact usages of crypto/ecdsa or crypto/ecdh. > > This is CVE-2023-24532 and Go issue https://go.dev/issue/58647. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> |
||
|---|---|---|
| .. | ||
| actions/setup-runner | ||
| ISSUE_TEMPLATE | ||
| workflows | ||
| CODEOWNERS | ||
| PULL_REQUEST_TEMPLATE.md | ||