Skip to content
This repository has been archived by the owner on Mar 26, 2020. It is now read-only.

GlusterD2 v4.1.1
Compare
Choose a tag to compare
@kshlm kshlm released this 11 Oct 13:27
· 403 commits to master since this release
v4.1.1
This tag was signed with the committer’s verified signature. The key has expired.
kshlm Kaushal Madappa
GPG key ID: 35B58339F67C58C1
Expired
Learn about vigilant mode.
c6d93e8
This commit was signed with the committer’s verified signature. The key has expired.
kshlm Kaushal Madappa
GPG key ID: 35B58339F67C58C1
Expired
Learn about vigilant mode.

Update to address possible CVE-2018-17142. Just the vendored dependencies have been updated.

The CVE does not affect any built GD2 v4.1.0 binaries. Anyone using GD2 v4.1.0 can continue using GD2 v4.1.0.

The vendored tarball contained vendored source for golang.org/x/net/html which had the CVE. Neither GD2 nor any of its dependencies make use of html.Parse(), which had the CVE, and hence isn't exploitable. The vendored source tarball that contained the code with the CVE isn't exploitable either as it doesn't have any binaries that use html.Parse()

Assets 8
Loading