Go just released a security advisory and an update: https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4
Apparently programs compiled with the vulnerable versions of Go could leak private keys during TLS operations.
Is syncthing potentially affected by this?