Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls exists CVE-2016-8610 security hole #22625

Closed
cuisj opened this issue Nov 8, 2017 · 2 comments
Closed

crypto/tls exists CVE-2016-8610 security hole #22625

cuisj opened this issue Nov 8, 2017 · 2 comments
Labels
FrozenDueToAge

Comments

@cuisj
Copy link

cuisj commented Nov 8, 2017
edited

What version of Go are you using (go version)?

go1.9.2

What operating system and processor architecture are you using (go env)?

amd64 linux

What did you do?

use Vulnerability Scanner found the CVE-2016-8610 security hole
@odeke-em
Copy link
Member

odeke-em commented Nov 8, 2017

Thank you for creating the issue @cuisj! For starters would you mind providing some more context to the issue, how one can reproduce it, how did you find it with the Vulnerability Scanner? That helps a lot in diagnosing the problem and fixing it.

Also in the future, since Critical Vulnerabilities are usually quite sensitive, would you mind reporting
such as per our security policy in https://golang.org/security?

A quick look up of that CVE points to SSL Death Alert and I'll tag Mr. crypto @agl

@davecheney
Copy link
Contributor

Duplicate of #22543

@davecheney davecheney marked this as a duplicate of #22543 Nov 8, 2017
@golang golang locked and limited conversation to collaborators Nov 8, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@davecheney @odeke-em @gopherbot @cuisj