[18.09] Bump Golang 1.10.6 (CVE-2018-16875) #1575

Merged
merged 1 commit into from Dec 14, 2018

@thaJeztah
Member

commented Dec 14, 2018

go1.10.6 (released 2018/12/14)

  • crypto/x509: CPU denial of service in chain validation golang/go#29233
  • cmd/go: directory traversal in "go get" via curly braces in import paths golang/go#29231
  • cmd/go: remote command execution during "go get -u" golang/go#29230

See the Go 1.10.6 milestone on the issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.10.6

@thaJeztah thaJeztah added this to the 18.09.1 milestone Dec 14, 2018


@codecov-io


commented Dec 14, 2018

Codecov Report

Merging #1575 into 18.09 will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##            18.09    #1575   +/-   ##
=======================================
  Coverage   54.09%   54.09%           
=======================================
  Files         290      290           
  Lines       19406    19406           
=======================================
  Hits        10498    10498           
  Misses       8236     8236           
  Partials      672      672
Bump Golang 1.10.6 (CVE-2018-16875)
go1.10.6 (released 2018/12/14)

- crypto/x509: CPU denial of service in chain validation golang/go#29233
- cmd/go: directory traversal in "go get" via curly braces in import paths golang/go#29231
- cmd/go: remote command execution during "go get -u" golang/go#29230

See the Go 1.10.6 milestone on the issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.10.6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

@thaJeztah thaJeztah force-pushed the thaJeztah:bump_golang_1.10.6 branch from fced1ab to 6c3a10a Dec 14, 2018

@thaJeztah

Member Author

commented Dec 14, 2018

Golang cross image was built, but... there's a second build triggered for the same tag, so possibly it will replace the existing one. Should not be an issue, because we pin by digest (just that the digest for the tag may be different)


@thaJeztah thaJeztah changed the title [WIP][18.09] Bump Golang 1.10.6 (CVE-2018-16875) [18.09] Bump Golang 1.10.6 (CVE-2018-16875) Dec 14, 2018
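The comment above relies on the build image being pinned by digest rather than by tag, so a rebuilt tag cannot silently change what gets pulled. As an added example (not code from this PR or from the docker/cli repository), this Go program flags Dockerfile `FROM` references that lack a `sha256` digest; the image name `example/golang-cross`, the digest and the function name `UnpinnedImages` are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// digestRef matches an image reference that ends in a sha256 digest.
var digestRef = regexp.MustCompile(`@sha256:[0-9a-f]{64}$`)

// sampleDockerfile is constructed for this example; the image name and the
// all-"a" digest are placeholders, not values from the PR.
var sampleDockerfile = "FROM example/golang-cross:1.10.6@sha256:" + strings.Repeat("a", 64) + " AS cross\n" +
	"FROM example/golang-cross:1.10.6 AS retagged\n" +
	"FROM --platform=linux/amd64 alpine:3.8\n" +
	"FROM cross AS final\n"

// UnpinnedImages returns the FROM references that a re-pushed tag could
// change: anything that is not digest-pinned, "scratch", or an earlier stage.
func UnpinnedImages(dockerfile string) []string {
	var unpinned []string
	stages := map[string]bool{"scratch": true}
	sc := bufio.NewScanner(strings.NewReader(dockerfile))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 2 || !strings.EqualFold(f[0], "FROM") {
			continue
		}
		i := 1
		for i < len(f)-1 && strings.HasPrefix(f[i], "--") {
			i++ // skip flags such as --platform=...
		}
		ref := f[i]
		if !stages[strings.ToLower(ref)] && !digestRef.MatchString(ref) {
			unpinned = append(unpinned, ref)
		}
		if len(f) >= i+3 && strings.EqualFold(f[i+1], "AS") {
			stages[strings.ToLower(f[i+2])] = true // remember the stage name
		}
	}
	return unpinned
}

func main() {
	for _, ref := range UnpinnedImages(sampleDockerfile) {
		fmt.Println("not pinned by digest:", ref)
	}
}
```

References built from `ARG` substitution (for example `FROM ${BASE}`) are reported as unpinned, since the check sees only the literal text.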

@vdemeester
Member

left a comment

LGTM 🍵

@andrewhsu
Contributor

left a comment

LGTM

@andrewhsu andrewhsu merged commit 2fa3aae into docker:18.09 Dec 14, 2018

9 checks passed

ci/circleci: cross Your tests passed on CircleCI!
ci/circleci: lint Your tests passed on CircleCI!
ci/circleci: shellcheck Your tests passed on CircleCI!
ci/circleci: test Your tests passed on CircleCI!
ci/circleci: validate Your tests passed on CircleCI!
codecov/patch Coverage not affected when comparing 3ee6755...6c3a10a
codecov/project 54.09% remains the same compared to 3ee6755
continuous-integration/jenkins/pr-head This commit looks good
dco-signed All commits are signed

@thaJeztah thaJeztah deleted the thaJeztah:bump_golang_1.10.6 branch Dec 14, 2018
