#29171 closed task (implemented)

Redeploy meek-server instances with go1.11.5

Reported by: dcf Owned by: dcf
Priority: Medium Milestone:
Component: Circumvention/meek Version:
Severity: Normal Keywords:
Cc: inf0, sysrqb Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

CVE-2019-6486 is a DoS on the implementation of certain elliptic curves, fixed in go1.11.5.

Redeploy servers that use crypto/tls and therefore may be exposed to the bug:

  • cymrubridge02 (backend for meek-azure)
  • starman (throttled meek.bamsoftware.com)
  • maenad (unthrottled meek.bamsoftware.com)
  • GAEuploader (gaeuploader.meek.bamsoftware.com)

Child Tickets

Change History (4)

comment:1 Changed 11 months ago by sysrqb

Cc: sysrqb added

I'll update this ticket when bridgedb's meek-server instance is updated.

comment:2 in reply to:  1 Changed 11 months ago by sysrqb

Replying to sysrqb:

I'll update this ticket when bridgedb's meek-server instance is updated.

This is complete.

comment:3 Changed 10 months ago by dcf

Done for starman, maenad, GAEuploader.

comment:4 Changed 10 months ago by dcf

Resolution: implemented
Status: newclosed

cymrubridge02 is now done too.

Note: See TracTickets for help on using tickets.