diff options
-rw-r--r-- | VERSION | 2 | ||||
-rw-r--r-- | doc/devel/release.html | 7 | ||||
-rw-r--r-- | src/crypto/dsa/dsa.go | 3 |
3 files changed, 11 insertions, 1 deletions
@@ -1 +1 @@ -go1.12.10
\ No newline at end of file +go1.12.11
\ No newline at end of file diff --git a/doc/devel/release.html b/doc/devel/release.html index 1634fbe170..c756cfeb4f 100644 --- a/doc/devel/release.html +++ b/doc/devel/release.html @@ -105,6 +105,13 @@ See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.10">Go 1.12.10 milestone</a> on our issue tracker for details. </p> +<p> +go1.12.11 (released 2019/10/17) includes security fixes to the +<code>crypto/dsa</code> package. +See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.11">Go +1.12.11 milestone</a> on our issue tracker for details. +</p> + <h2 id="go1.11">go1.11 (released 2018/08/24)</h2> <p> diff --git a/src/crypto/dsa/dsa.go b/src/crypto/dsa/dsa.go index 575314b1b4..2fc4f1f05b 100644 --- a/src/crypto/dsa/dsa.go +++ b/src/crypto/dsa/dsa.go @@ -279,6 +279,9 @@ func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool { } w := new(big.Int).ModInverse(s, pub.Q) + if w == nil { + return false + } n := pub.Q.BitLen() if n&7 != 0 { |