Candidate: CVE-2016-3959
PublicDate: 2016-05-23 19:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3959
 https://golang.org/cl/21533
 http://seclists.org/oss-sec/2016/q2/11
Description:
 The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x
 before 1.6.1 does not properly check parameters passed to the big integer
 library, which might allow remote attackers to cause a denial of service
 (infinite loop) via a crafted public key to a program that uses HTTPS
 client certificates or SSH server libraries.
Ubuntu-Description:
Notes:
 mdeslaur> Packages built using golang need to be rebuilt once the
 mdeslaur> vulnerability has been fixed. This CVE entry does not
 mdeslaur> list packages that need rebuilding outside of the main
 mdeslaur> repository or the Ubuntu variants with PPA overlays.
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_golang:
upstream_golang: needs-triage
precise_golang: ignored (reached end-of-life)
precise/esm_golang: DNE (precise was needs-triage)
trusty_golang: ignored (reached end-of-life)
trusty/esm_golang: DNE (trusty was needed)
vivid/stable-phone-overlay_golang: ignored (reached end-of-life)
vivid/ubuntu-core_golang: ignored (reached end-of-life)
wily_golang: ignored (reached end-of-life)
xenial_golang: DNE
yakkety_golang: DNE
zesty_golang: DNE
artful_golang: DNE
bionic_golang: DNE
cosmic_golang: DNE
disco_golang: DNE
devel_golang: DNE

Patches_golang-1.6:
upstream_golang-1.6: released (1.6.1)
precise_golang-1.6: DNE
precise/esm_golang-1.6: DNE
trusty_golang-1.6: ignored (reached end-of-life)
trusty/esm_golang-1.6: DNE (trusty was needed)
vivid/stable-phone-overlay_golang-1.6: DNE
vivid/ubuntu-core_golang-1.6: DNE
wily_golang-1.6: DNE
xenial_golang-1.6: not-affected (1.6.1-0ubuntu1)
esm-infra/xenial_golang-1.6: not-affected (1.6.1-0ubuntu1)
yakkety_golang-1.6: ignored (reached end-of-life)
zesty_golang-1.6: DNE
artful_golang-1.6: DNE
bionic_golang-1.6: DNE
cosmic_golang-1.6: DNE
disco_golang-1.6: DNE
devel_golang-1.6: DNE