go 1.11.3 fixes the following security issues:
cmd/go: remote command execution during "go get -u"
The issue is CVE-2018-16873 and Go issue golang.org/issue/29230. See the Go issue for details.
Thanks to Etienne Stalmans from the Heroku platform security team for discovering and reporting this issue.
cmd/go: directory traversal in "go get" via curly braces in import paths
The issue is CVE-2018-16874 and Go issue golang.org/issue/29231. See the Go issue for details.
Thanks to ztz of Tencent Security Platform for discovering and reporting this issue.
crypto/x509: CPU denial of service in chain validation
The issue is CVE-2018-16875 and Go issue golang.org/issue/29233. See the Go issue for details.
Thanks to Netflix for discovering and reporting this issue.
go 1.11.4 fixes issues, including regressions introduced by 1.11.3:
1.11.4 includes fixes to cgo, the compiler, linker, runtime, documentation, go
command, and the net/http and go/types packages. It includes a fix to a bug
introduced in Go 1.11.3 that broke go get for import path patterns
containing "...".
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
# From https://golang.org/dl/
-sha256 042fba357210816160341f1002440550e952eb12678f7c9e7e9d389437942550 go1.11.2.src.tar.gz
+sha256 4cfd42720a6b1e79a8024895fa6607b69972e8e32446df76d6ce79801bbadb15 go1.11.4.src.tar.gz
sha256 2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067 LICENSE
#
################################################################################
-GO_VERSION = 1.11.2
+GO_VERSION = 1.11.4
GO_SITE = https://storage.googleapis.com/golang
GO_SOURCE = go$(GO_VERSION).src.tar.gz
projects / buildroot.git / commitdiff