deps: Update github.com/ulikunitz/xz@v0.5.8 #278
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Addresses CVE-2020-16845. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16845 Reference: GHSA-25xm-hr59-7c27 Reference: ulikunitz/xz#35
mwhooker
approved these changes
Sep 29, 2020
sp3nx0r
added a commit
to sp3nx0r/go-getter
that referenced
this pull request
Oct 22, 2020
Bumping this dependency due to two vunlerabilities: * https://app.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMULIKUNITZXZ-607912 * https://app.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMULIKUNITZXZ-598892 This has already been taken in upstream: hashicorp#278
sp3nx0r
added a commit
to sp3nx0r/go-getter
that referenced
this pull request
Oct 22, 2020
Bumping this dependency due to two vunlerabilities: * https://app.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMULIKUNITZXZ-607912 * https://app.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMULIKUNITZXZ-598892 This has already been taken in upstream: hashicorp#278 Signed-off-by: Spencer Koch <sp3nx0r@gmail.com>
picatz
added a commit
to hashicorp/terraform-exec
that referenced
this pull request
Nov 9, 2020
github.com/ulikunitz/xz@0.5.5 used by github.com/hashicorp/go-getter@1.4.0 contains a DoS where it is possible to create an infinite read loop due to the usage of the ReadUvarint and ReadVarint function when encoding/binary via invalid inputs. hashicorp/go-getter#278
kmoe
pushed a commit
to hashicorp/terraform-exec
that referenced
this pull request
Nov 27, 2020
github.com/ulikunitz/xz@0.5.5 used by github.com/hashicorp/go-getter@1.4.0 contains a DoS where it is possible to create an infinite read loop due to the usage of the ReadUvarint and ReadVarint function when encoding/binary via invalid inputs. hashicorp/go-getter#278
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Addresses CVE-2020-16845.
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16845
Reference: GHSA-25xm-hr59-7c27
Reference: ulikunitz/xz#35