Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update golang 1.10.6 #9563

Merged
merged 4 commits into from
Dec 14, 2018
Merged

Update golang 1.10.6 #9563

merged 4 commits into from
Dec 14, 2018

Conversation

ph
Copy link
Contributor

@ph ph commented Dec 14, 2018

Fix a few security issues:

cmd/go: remote command execution during "go get -u"
The issue is CVE-2018-16873 and Go issue golang.org/issue/29230. See the Go issue for details.
Thanks to Etienne Stalmans from the Heroku platform security team for discovering and reporting this issue.

cmd/go: directory traversal in "go get" via curly braces in import paths
The issue is CVE-2018-16874 and Go issue golang.org/issue/29231. See the Go issue for details.
Thanks to ztz of Tencent Security Platform for discovering and reporting this issue.

crypto/x509: CPU denial of service in chain validation
The issue is CVE-2018-16875 and Go issue golang.org/issue/29233. See the Go issue for details.
Thanks to Netflix for discovering and reporting this issue.

https://golang.org/doc/devel/release.html#go1.10.minor

Fix a few security issues:
```
cmd/go: remote command execution during "go get -u"
The issue is CVE-2018-16873 and Go issue golang.org/issue/29230. See the Go issue for details.
Thanks to Etienne Stalmans from the Heroku platform security team for discovering and reporting this issue.

cmd/go: directory traversal in "go get" via curly braces in import paths
The issue is CVE-2018-16874 and Go issue golang.org/issue/29231. See the Go issue for details.
Thanks to ztz of Tencent Security Platform for discovering and reporting this issue.

crypto/x509: CPU denial of service in chain validation
The issue is CVE-2018-16875 and Go issue golang.org/issue/29233. See the Go issue for details.
Thanks to Netflix for discovering and reporting this issue.
```

https://golang.org/doc/devel/release.html#go1.10.minor
@ph ph requested review from kvch and removed request for kvch December 14, 2018 16:35
@ph ph added the needs_backport PR is waiting to be backported to other branches. label Dec 14, 2018
@ph
Copy link
Contributor Author

ph commented Dec 14, 2018

Taking a look at the fsevents issue..

@ph
Copy link
Contributor Author

ph commented Dec 14, 2018

jenkins test this please

Copy link
Member

@graphaelli graphaelli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@ph
Copy link
Contributor Author

ph commented Dec 14, 2018

I am going to merge this, Travis is completely green.

@ph ph merged commit 8d04a77 into elastic:6.x Dec 14, 2018
@ph ph added v6.5.4 and removed needs_backport PR is waiting to be backported to other branches. labels Dec 14, 2018
ph added a commit to ph/beats that referenced this pull request Dec 14, 2018
* Update golang 1.10.6

Fix a few security issues:
```
cmd/go: remote command execution during "go get -u"
The issue is CVE-2018-16873 and Go issue golang.org/issue/29230. See the Go issue for details.
Thanks to Etienne Stalmans from the Heroku platform security team for discovering and reporting this issue.

cmd/go: directory traversal in "go get" via curly braces in import paths
The issue is CVE-2018-16874 and Go issue golang.org/issue/29231. See the Go issue for details.
Thanks to ztz of Tencent Security Platform for discovering and reporting this issue.

crypto/x509: CPU denial of service in chain validation
The issue is CVE-2018-16875 and Go issue golang.org/issue/29233. See the Go issue for details.
Thanks to Netflix for discovering and reporting this issue.
```

https://golang.org/doc/devel/release.html#go1.10.minor
(cherry picked from commit 8d04a77)
ph added a commit that referenced this pull request Dec 14, 2018
Cherry-pick of PR #9563 to 6.5 branch. Original message: 

Fix a few security issues:
```
cmd/go: remote command execution during "go get -u"
The issue is CVE-2018-16873 and Go issue golang.org/issue/29230. See the Go issue for details.
Thanks to Etienne Stalmans from the Heroku platform security team for discovering and reporting this issue.

cmd/go: directory traversal in "go get" via curly braces in import paths
The issue is CVE-2018-16874 and Go issue golang.org/issue/29231. See the Go issue for details.
Thanks to ztz of Tencent Security Platform for discovering and reporting this issue.

crypto/x509: CPU denial of service in chain validation
The issue is CVE-2018-16875 and Go issue golang.org/issue/29233. See the Go issue for details.
Thanks to Netflix for discovering and reporting this issue.
```

https://golang.org/doc/devel/release.html#go1.10.minor
lucksuper pushed a commit to lucksuper/beats that referenced this pull request Dec 23, 2018
Cherry-pick of PR elastic#9563 to 6.5 branch. Original message:

Fix a few security issues:
```
cmd/go: remote command execution during "go get -u"
The issue is CVE-2018-16873 and Go issue golang.org/issue/29230. See the Go issue for details.
Thanks to Etienne Stalmans from the Heroku platform security team for discovering and reporting this issue.

cmd/go: directory traversal in "go get" via curly braces in import paths
The issue is CVE-2018-16874 and Go issue golang.org/issue/29231. See the Go issue for details.
Thanks to ztz of Tencent Security Platform for discovering and reporting this issue.

crypto/x509: CPU denial of service in chain validation
The issue is CVE-2018-16875 and Go issue golang.org/issue/29233. See the Go issue for details.
Thanks to Netflix for discovering and reporting this issue.
```

https://golang.org/doc/devel/release.html#go1.10.minor
DStape pushed a commit to DStape/beats that referenced this pull request Aug 20, 2019
* Update golang 1.10.6

Fix a few security issues:
```
cmd/go: remote command execution during "go get -u"
The issue is CVE-2018-16873 and Go issue golang.org/issue/29230. See the Go issue for details.
Thanks to Etienne Stalmans from the Heroku platform security team for discovering and reporting this issue.

cmd/go: directory traversal in "go get" via curly braces in import paths
The issue is CVE-2018-16874 and Go issue golang.org/issue/29231. See the Go issue for details.
Thanks to ztz of Tencent Security Platform for discovering and reporting this issue.

crypto/x509: CPU denial of service in chain validation
The issue is CVE-2018-16875 and Go issue golang.org/issue/29233. See the Go issue for details.
Thanks to Netflix for discovering and reporting this issue.
```

https://golang.org/doc/devel/release.html#go1.10.minor
leweafan pushed a commit to leweafan/beats that referenced this pull request Apr 28, 2023
Cherry-pick of PR elastic#9563 to 6.5 branch. Original message: 

Fix a few security issues:
```
cmd/go: remote command execution during "go get -u"
The issue is CVE-2018-16873 and Go issue golang.org/issue/29230. See the Go issue for details.
Thanks to Etienne Stalmans from the Heroku platform security team for discovering and reporting this issue.

cmd/go: directory traversal in "go get" via curly braces in import paths
The issue is CVE-2018-16874 and Go issue golang.org/issue/29231. See the Go issue for details.
Thanks to ztz of Tencent Security Platform for discovering and reporting this issue.

crypto/x509: CPU denial of service in chain validation
The issue is CVE-2018-16875 and Go issue golang.org/issue/29233. See the Go issue for details.
Thanks to Netflix for discovering and reporting this issue.
```

https://golang.org/doc/devel/release.html#go1.10.minor
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants