[release-branch.go1.10] all: merge release-branch.go1.10-security into release-branch.go1.10

Change-Id: Iddb571880e8b688b8de9cd013f497f6eed0c7692

3 files changed, 10 insertions, 2 deletions

diff --git a/VERSION b/VERSION
index 0e23a5c14f..385b67f2f8 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-go1.10.7
\ No newline at end of file
+go1.10.8
\ No newline at end of file
diff --git a/doc/devel/release.html b/doc/devel/release.html
index 9f4500ac79..89991f48c1 100644
--- a/doc/devel/release.html
+++ b/doc/devel/release.html
@@ -87,6 +87,13 @@ See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.10.7+labe
 Go 1.10.7 milestone</a> on our issue tracker for details.
 </p>
 
+<p>
+go1.10.8 (released 2019/01/23) includes a security fix to the
+<code>crypto/elliptic</code> package.
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.10.8+label%3ACherryPickApproved">Go
+1.10.8 milestone</a> on our issue tracker for details.
+</p>
+
 <h2 id="go1.9">go1.9 (released 2017/08/24)</h2>
 
 <p>
diff --git a/src/crypto/elliptic/elliptic.go b/src/crypto/elliptic/elliptic.go
index 35aacf24e5..76b78a790e 100644
--- a/src/crypto/elliptic/elliptic.go
+++ b/src/crypto/elliptic/elliptic.go
@@ -210,8 +210,9 @@ func (curve *CurveParams) doubleJacobian(x, y, z *big.Int) (*big.Int, *big.Int,
 
 	x3 := new(big.Int).Mul(alpha, alpha)
 	beta8 := new(big.Int).Lsh(beta, 3)
+	beta8.Mod(beta8, curve.P)
 	x3.Sub(x3, beta8)
-	for x3.Sign() == -1 {
+	if x3.Sign() == -1 {
 		x3.Add(x3, curve.P)
 	}
 	x3.Mod(x3, curve.P)