From 89d00c5ac1db8eac00e602a704d4b759797db699 Mon Sep 17 00:00:00 2001
From: Katie Hockman
Date: Oct 17 2019 19:20:29 +0000
Subject: [release-branch.go1.12] all: merge release-branch.go1.12-security into release-branch.go1.12
Change-Id: Ied19fb5f182670c9dc3bd15327d461b203187cf6
---
diff --git a/VERSION b/VERSION
index 40bdee3..524722c 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-go1.12.10
\ No newline at end of file
+go1.12.11
\ No newline at end of file
diff --git a/doc/devel/release.html b/doc/devel/release.html
index 1634fbe..c756cfe 100644
--- a/doc/devel/release.html
+++ b/doc/devel/release.html
@@ -105,6 +105,13 @@ See the Go
1.12.10 milestone on our issue tracker for details.
+
+go1.12.11 (released 2019/10/17) includes security fixes to the
+crypto/dsa
package.
+See the Go
+1.12.11 milestone on our issue tracker for details.
+
+
go1.11 (released 2018/08/24)
diff --git a/src/crypto/dsa/dsa.go b/src/crypto/dsa/dsa.go
index 575314b..2fc4f1f 100644
--- a/src/crypto/dsa/dsa.go
+++ b/src/crypto/dsa/dsa.go
@@ -279,6 +279,9 @@ func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool {
}
w := new(big.Int).ModInverse(s, pub.Q)
+ if w == nil {
+ return false
+ }
n := pub.Q.BitLen()
if n&7 != 0 {