[security] Go 1.7.6 and Go 1.8.2 are released

[Chris Broadfoot]

A security-related issue was recently reported in Go's crypto/elliptic package.

To address this issue, we have just released Go 1.7.6 and Go 1.8.2.

The Go team would like to thank Vlad Krasnov and Filippo Valsorda at Cloudflare for reporting the issue and providing a fix.

The issue affects Go's P-256 implementation on the 64-bit x86 architecture.

This is CVE-2017-8932 and was addressed by this change: https://golang.org/cl/41070, tracked in this issue: https://golang.org/issue/20040

Downloads are available at https://golang.org/dl for all supported platforms.

We will be releasing Go 1.8.3 later today, which will additionally include some non-security fixes.

Cheers,

Chris (on behalf of the Go team)