CVE-2022-23806
author Go Compiler Team <team+go-compiler@tracker.debian.org>
Thu, 20 Apr 2023 14:32:58 +0000 (15:32 +0100)
committer Sylvain Beucler <beuc@debian.org>
Thu, 20 Apr 2023 14:32:58 +0000 (15:32 +0100)
commit 6b2abfb91385dd54226298d3deb290ffdbe2f114
tree 6fd32068d0b2f08199f5faacb845ac1730558f1a
parent 23814f114b8c0afb5da5f9bd7d2589be9184cad4
CVE-2022-23806

Origin: https://github.com/golang/go/commit/6b3e741a834c34b8a844a33b3aa060dd4ed37231
Reviewed-by: Sylvain Beucler <beuc@debian.org>
Last-Update: 2023-04-18

From 6b3e741a834c34b8a844a33b3aa060dd4ed37231 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Wed, 2 Feb 2022 09:15:44 -0800
Subject: [PATCH] [release-branch.go1.16] crypto/elliptic: make IsOnCurve
 return false for invalid field elements

Updates #50974
Fixes #50977
Fixes CVE-2022-23806

Change-Id: I0201c2c88f13dd82910985a495973f1683af9259
Reviewed-on: https://go-review.googlesource.com/c/go/+/382855
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Trust: Katie Hockman <katie@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>

Gbp-Pq: Name CVE-2022-23806.patch
src/crypto/elliptic/elliptic.go
src/crypto/elliptic/elliptic_test.go
src/crypto/elliptic/p224.go