-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update golang 1.10.6 #9563
Merged
Merged
Update golang 1.10.6 #9563
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fix a few security issues: ``` cmd/go: remote command execution during "go get -u" The issue is CVE-2018-16873 and Go issue golang.org/issue/29230. See the Go issue for details. Thanks to Etienne Stalmans from the Heroku platform security team for discovering and reporting this issue. cmd/go: directory traversal in "go get" via curly braces in import paths The issue is CVE-2018-16874 and Go issue golang.org/issue/29231. See the Go issue for details. Thanks to ztz of Tencent Security Platform for discovering and reporting this issue. crypto/x509: CPU denial of service in chain validation The issue is CVE-2018-16875 and Go issue golang.org/issue/29233. See the Go issue for details. Thanks to Netflix for discovering and reporting this issue. ``` https://golang.org/doc/devel/release.html#go1.10.minor
Taking a look at the fsevents issue.. |
jenkins test this please |
graphaelli
approved these changes
Dec 14, 2018
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
urso
approved these changes
Dec 14, 2018
I am going to merge this, Travis is completely green. |
ph
added
v6.5.4
and removed
needs_backport
PR is waiting to be backported to other branches.
labels
Dec 14, 2018
ph
added a commit
to ph/beats
that referenced
this pull request
Dec 14, 2018
* Update golang 1.10.6 Fix a few security issues: ``` cmd/go: remote command execution during "go get -u" The issue is CVE-2018-16873 and Go issue golang.org/issue/29230. See the Go issue for details. Thanks to Etienne Stalmans from the Heroku platform security team for discovering and reporting this issue. cmd/go: directory traversal in "go get" via curly braces in import paths The issue is CVE-2018-16874 and Go issue golang.org/issue/29231. See the Go issue for details. Thanks to ztz of Tencent Security Platform for discovering and reporting this issue. crypto/x509: CPU denial of service in chain validation The issue is CVE-2018-16875 and Go issue golang.org/issue/29233. See the Go issue for details. Thanks to Netflix for discovering and reporting this issue. ``` https://golang.org/doc/devel/release.html#go1.10.minor (cherry picked from commit 8d04a77)
ph
added a commit
that referenced
this pull request
Dec 14, 2018
Cherry-pick of PR #9563 to 6.5 branch. Original message: Fix a few security issues: ``` cmd/go: remote command execution during "go get -u" The issue is CVE-2018-16873 and Go issue golang.org/issue/29230. See the Go issue for details. Thanks to Etienne Stalmans from the Heroku platform security team for discovering and reporting this issue. cmd/go: directory traversal in "go get" via curly braces in import paths The issue is CVE-2018-16874 and Go issue golang.org/issue/29231. See the Go issue for details. Thanks to ztz of Tencent Security Platform for discovering and reporting this issue. crypto/x509: CPU denial of service in chain validation The issue is CVE-2018-16875 and Go issue golang.org/issue/29233. See the Go issue for details. Thanks to Netflix for discovering and reporting this issue. ``` https://golang.org/doc/devel/release.html#go1.10.minor
lucksuper
pushed a commit
to lucksuper/beats
that referenced
this pull request
Dec 23, 2018
Cherry-pick of PR elastic#9563 to 6.5 branch. Original message: Fix a few security issues: ``` cmd/go: remote command execution during "go get -u" The issue is CVE-2018-16873 and Go issue golang.org/issue/29230. See the Go issue for details. Thanks to Etienne Stalmans from the Heroku platform security team for discovering and reporting this issue. cmd/go: directory traversal in "go get" via curly braces in import paths The issue is CVE-2018-16874 and Go issue golang.org/issue/29231. See the Go issue for details. Thanks to ztz of Tencent Security Platform for discovering and reporting this issue. crypto/x509: CPU denial of service in chain validation The issue is CVE-2018-16875 and Go issue golang.org/issue/29233. See the Go issue for details. Thanks to Netflix for discovering and reporting this issue. ``` https://golang.org/doc/devel/release.html#go1.10.minor
DStape
pushed a commit
to DStape/beats
that referenced
this pull request
Aug 20, 2019
* Update golang 1.10.6 Fix a few security issues: ``` cmd/go: remote command execution during "go get -u" The issue is CVE-2018-16873 and Go issue golang.org/issue/29230. See the Go issue for details. Thanks to Etienne Stalmans from the Heroku platform security team for discovering and reporting this issue. cmd/go: directory traversal in "go get" via curly braces in import paths The issue is CVE-2018-16874 and Go issue golang.org/issue/29231. See the Go issue for details. Thanks to ztz of Tencent Security Platform for discovering and reporting this issue. crypto/x509: CPU denial of service in chain validation The issue is CVE-2018-16875 and Go issue golang.org/issue/29233. See the Go issue for details. Thanks to Netflix for discovering and reporting this issue. ``` https://golang.org/doc/devel/release.html#go1.10.minor
leweafan
pushed a commit
to leweafan/beats
that referenced
this pull request
Apr 28, 2023
Cherry-pick of PR elastic#9563 to 6.5 branch. Original message: Fix a few security issues: ``` cmd/go: remote command execution during "go get -u" The issue is CVE-2018-16873 and Go issue golang.org/issue/29230. See the Go issue for details. Thanks to Etienne Stalmans from the Heroku platform security team for discovering and reporting this issue. cmd/go: directory traversal in "go get" via curly braces in import paths The issue is CVE-2018-16874 and Go issue golang.org/issue/29231. See the Go issue for details. Thanks to ztz of Tencent Security Platform for discovering and reporting this issue. crypto/x509: CPU denial of service in chain validation The issue is CVE-2018-16875 and Go issue golang.org/issue/29233. See the Go issue for details. Thanks to Netflix for discovering and reporting this issue. ``` https://golang.org/doc/devel/release.html#go1.10.minor
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix a few security issues:
https://golang.org/doc/devel/release.html#go1.10.minor