gostls13.git log

commit ef74bfc859c918aeab796c2fa18f4a5dde862343 [browse]
Author: Katie Hockman
Date: 2019-10-17 12:38:18 -04:00

[release-branch.go1.12-security] go1.12.11

Change-Id: I8421754104cb795270dbcb6f554ed3a78a719483
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/575988
Reviewed-by: Filippo Valsorda <valsorda@google.com>

commit 1f09bc6b4076e375889c84e56d2e0d9ffe0da920 [browse]
Author: Katie Hockman
Date: 2019-10-17 10:50:53 -04:00

[release-branch.go1.12-security] doc: document Go 1.12.11

Change-Id: I73f27924046a0a2493330ddc732d1a2fd3f730a5
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/575981
Reviewed-by: Filippo Valsorda <valsorda@google.com>
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/575985

commit 2017d88dbc096381d4f348d2fb08bfb3c2b7ed73 [browse]
Author: Katie Hockman
Date: 2019-10-14 16:42:21 -04:00

[release-branch.go1.12-security] crypto/dsa: prevent bad public keys from causing panic

dsa.Verify might currently use a nil s inverse in a
multiplication if the public key contains a non-prime Q,
causing a panic. Change this to check that the mod
inverse exists before using it.

Fixes CVE-2019-17596

Change-Id: I94d5f3cc38f1b5d52d38dcb1d253c71b7fd1cae7
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/572809
Reviewed-by: Filippo Valsorda <valsorda@google.com>
(cherry picked from commit 9119dfb0511326d4485b248b83d4fde19c95d0f7)
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/575232

commit 6c15c7cce718e1e9a47f4f0ab1bd70923b04557b [browse]
Author: Filippo Valsorda
Date: 2019-09-25 13:34:06 -04:00

[release-branch.go1.12-security] go1.12.10

Change-Id: I64d76a35ad113110cb83117c6ce5d4d923d93c93
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/558789
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>

commit ea17f61b1e8dca307b674843fdf9f9408306db97 [browse]
Author: Filippo Valsorda
Date: 2019-09-25 11:18:50 -04:00

[release-branch.go1.12-security] doc: document Go 1.12.10

Change-Id: If694ce529393b8ae9c6c55270665efc3a108a3b2
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/558778
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/558784

clone the repository to get more history