
Security fixes released for Go 1.7 and 1.8 - omginternets
https://groups.google.com/forum/#!topic/golang-announce/B5ww0iFt1_Q
======
omginternets
From the discussion in the GitHub issue here [0]

>Cloudflare reported a carry bug in the P-256 implementation that they
submitted for x86-64 in 7bacfc6. I can reproduce this via random testing
against BoringSSL and, after applying the patch that they provided, can no
longer do so, even after ~231 iterations.

>This issue is not obviously exploitable, although we cannot rule out the
possibility of someone managing to squeeze something through this hole. (It
would be a cool paper.) Thus this should be treated as something to fix, but
not something on fire, based on what we currently know.

[0]
[https://github.com/golang/go/issues/20040](https://github.com/golang/go/issues/20040)

