diff options
| author | Peter Korsgaard <peter@korsgaard.com> | 2018-12-15 16:50:10 +0100 |
|---|---|---|
| committer | Thomas Petazzoni <thomas.petazzoni@bootlin.com> | 2018-12-16 12:17:47 +0100 |
| commit | d810fee306e9a3b9c2408e2927288c1bc4c8d699 (patch) | |
| tree | 4e00877ae0491729c2e3a2988e2fc809e16d2740 /package/docker-compose/0001-setup.py-allow-all-recent-2.x-requests-releases.patch | |
| parent | 875efa45b05a148ae8a0516d3b8eabd5cac08c97 (diff) | |
| download | buildroot-d810fee306e9a3b9c2408e2927288c1bc4c8d699.tar.gz buildroot-d810fee306e9a3b9c2408e2927288c1bc4c8d699.zip | |
package/go: security bump to version 1.11.4
go 1.11.3 fixes the following security issues:
cmd/go: remote command execution during "go get -u"
The issue is CVE-2018-16873 and Go issue golang.org/issue/29230. See the Go issue for details.
Thanks to Etienne Stalmans from the Heroku platform security team for discovering and reporting this issue.
cmd/go: directory traversal in "go get" via curly braces in import paths
The issue is CVE-2018-16874 and Go issue golang.org/issue/29231. See the Go issue for details.
Thanks to ztz of Tencent Security Platform for discovering and reporting this issue.
crypto/x509: CPU denial of service in chain validation
The issue is CVE-2018-16875 and Go issue golang.org/issue/29233. See the Go issue for details.
Thanks to Netflix for discovering and reporting this issue.
go 1.11.4 fixes issues, including regressions introduced by 1.11.3:
1.11.4 includes fixes to cgo, the compiler, linker, runtime, documentation, go
command, and the net/http and go/types packages. It includes a fix to a bug
introduced in Go 1.11.3 that broke go get for import path patterns
containing "...".
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Diffstat (limited to 'package/docker-compose/0001-setup.py-allow-all-recent-2.x-requests-releases.patch')
0 files changed, 0 insertions, 0 deletions
