mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-04 06:10:16 +03:00
a3882d58aa
Fixes the following security issues (1.12.11): - CVE-2019-17596: Invalid DSA public keys can cause a panic in dsa.Verify. In particular, using crypto/x509.Verify on a crafted X.509 certificate chain can lead to a panic, even if the certificates don’t chain to a trusted root. The chain can be delivered via a crypto/tls connection to a client, or to a server that accepts and verifies client certificates. net/http clients can be made to crash by an HTTPS server, while net/http servers that accept client certificates will recover the panic and are naffected. Additionally, 1.12.11 fixes a number of issues. From the release notes: fixes to the go command, runtime, syscall and net packages. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>