File _patchinfo of Package patchinfo.7804

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.7804

<patchinfo incident="7804">
  <issue tracker="bnc" id="1081495"></issue>
  <issue tracker="bnc" id="1085785"></issue>
  <issue tracker="cve" id="2018-7187"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>AndreasStieger</packager>
  <description>This update for go and go1.9 fixes the following issues:
  
The following security issues have been addressed for both packages:
  
- CVE-2018-7187: Fixed the validation of the import path in the go get command,
  which allowed for arbitrary command execution via VCS path when the -insecure
  flag is used (bsc#1081495)

The following other changes have been made for go1.9:

- Fixes to the go command and the crypto/x509 and strings packages, which add
  minimal support to the go command for the vgo transition.
- Several fixes to the compiler and go command
- Fixed various issues in go trace (bsc#1085785):
- Ensure go binaries are not stripped (eg: go tools trace), this caused some of
  them to misbehave
- Ensure go trace html template is shipped as part of the installation,
  otherwise the web UI won't work

For details on any other changes see the Go milestones on the official
issue tracker.
</description>
  <summary>Security update for go, go1.9</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.7804

Places