Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump Golang 1.11.3 (CVE-2018-16875) #38369

Merged
merged 1 commit into from
Dec 19, 2018
Merged

Bump Golang 1.11.3 (CVE-2018-16875) #38369

merged 1 commit into from
Dec 19, 2018

Conversation

thaJeztah
Copy link
Member

@thaJeztah thaJeztah commented Dec 13, 2018
edited
Loading

go1.11.13 (released 2018/12/14)

See the Go 1.11.3 milestone on the issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.11.3

@thaJeztah
Bump Golang 1.11.3 (CVE-2018-16875)
6b7c093 
go1.11.13 (released 2018/12/14)

- crypto/x509: CPU denial of service in chain validation golang/go#29233
- cmd/go: directory traversal in "go get" via curly braces in import paths golang/go#29231
- cmd/go: remote command execution during "go get -u" golang/go#29230

See the Go 1.11.3 milestone on the issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.11.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
vdemeester
vdemeester approved these changes Dec 14, 2018
View reviewed changes
Copy link
Member

@vdemeester vdemeester left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🍵

@thaJeztah
Copy link
Member Author

Looks like the golang image isn't multi-arch yet; only x86_64

docker manifest inspect golang:1.11.3
{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
   "manifests": [
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 1796,
         "digest": "sha256:e03ed489934627bed040325b9796fc1c3e2428ac8de762ad9c985952be95db07",
         "platform": {
            "architecture": "amd64",
            "os": "linux"
         }
      }
   ]
}

@thaJeztah thaJeztah mentioned this pull request Dec 14, 2018
Closed
@thaJeztah
Copy link
Member Author

Opened an issue docker-library/golang#253

@thaJeztah
Copy link
Member Author

Windows images also seem to be missing; docker-library/golang#254

@thaJeztah
Copy link
Member Author

Images are up now, so restarted CI again

@thaJeztah
Copy link
Member Author

Merging; Windows RS5 failure is unrelated

@thaJeztah thaJeztah merged commit c07d79b into moby:master Dec 19, 2018
@thaJeztah thaJeztah deleted the bump_golang_1.11.3 branch December 19, 2018 08:41
@thaJeztah thaJeztah mentioned this pull request Mar 2, 2019
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@seemethere seemethere seemethere approved these changes

@vdemeester vdemeester vdemeester approved these changes

Assignees
No one assigned
Labels
area/project area/security status/2-code-review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@thaJeztah @vdemeester @seemethere @GordonTheTurtle