Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump Golang 1.11.3 (CVE-2018-16875) #38369

Merged
merged 1 commit into from Dec 19, 2018

Conversation

Projects
None yet
4 participants
@thaJeztah
Copy link
Member

commented Dec 13, 2018

go1.11.13 (released 2018/12/14)

  • crypto/x509: CPU denial of service in chain validation golang/go#29233
  • cmd/go: directory traversal in "go get" via curly braces in import paths golang/go#29231
  • cmd/go: remote command execution during "go get -u" golang/go#29230

See the Go 1.11.3 milestone on the issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.11.3

Bump Golang 1.11.3 (CVE-2018-16875)
go1.11.13 (released 2018/12/14)

- crypto/x509: CPU denial of service in chain validation golang/go#29233
- cmd/go: directory traversal in "go get" via curly braces in import paths golang/go#29231
- cmd/go: remote command execution during "go get -u" golang/go#29230

See the Go 1.11.3 milestone on the issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.11.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

@thaJeztah thaJeztah force-pushed the thaJeztah:bump_golang_1.11.3 branch from fb6dc55 to 6b7c093 Dec 13, 2018

@vdemeester
Copy link
Member

left a comment

LGTM 🍵

@thaJeztah

This comment has been minimized.

Copy link
Member Author

commented Dec 14, 2018

Looks like the golang image isn't multi-arch yet; only x86_64

docker manifest inspect golang:1.11.3
{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
   "manifests": [
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 1796,
         "digest": "sha256:e03ed489934627bed040325b9796fc1c3e2428ac8de762ad9c985952be95db07",
         "platform": {
            "architecture": "amd64",
            "os": "linux"
         }
      }
   ]
}
@thaJeztah

This comment has been minimized.

Copy link
Member Author

commented Dec 14, 2018

Opened an issue docker-library/golang#253

@thaJeztah

This comment has been minimized.

Copy link
Member Author

commented Dec 14, 2018

Windows images also seem to be missing; docker-library/golang#254

@thaJeztah

This comment has been minimized.

Copy link
Member Author

commented Dec 14, 2018

Images are up now, so restarted CI again

@thaJeztah

This comment has been minimized.

Copy link
Member Author

commented Dec 19, 2018

Merging; Windows RS5 failure is unrelated

@thaJeztah thaJeztah merged commit c07d79b into moby:master Dec 19, 2018

6 of 7 checks passed

windowsRS5-process Jenkins build Docker-PRs-WoW-RS5-Process 642 has failed
Details
dco-signed All commits are signed
experimental Jenkins build Docker-PRs-experimental 43192 has succeeded
Details
janky Jenkins build Docker-PRs 52023 has succeeded
Details
powerpc Jenkins build Docker-PRs-powerpc 12418 has succeeded
Details
windowsRS1 Jenkins build Docker-PRs-WoW-RS1 23212 has succeeded
Details
z Jenkins build Docker-PRs-s390x 12280 has succeeded
Details

@thaJeztah thaJeztah deleted the thaJeztah:bump_golang_1.11.3 branch Dec 19, 2018

@thaJeztah thaJeztah referenced this pull request Mar 2, 2019

Open

[18.09 backport] Bump Golang to 1.11.11 #168

8 of 8 tasks complete
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.