Summary: | <dev-lang/go-1.10.1: Arbitrary code execution via "go get" | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | williamh |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/golang/go/issues/23867 | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: |
dev-lang/go-1.10.1
|
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2018-03-09 15:33:20 UTC
This is fixed in go-1.10.1. Arm team, please stabilize. I have stabilized on amd64 and x86. @arm please test and mark stable. @arm team, what is the status of getting this stable? arm stable, all arches done. GLSA request filed @maintainer, please drop the vulnerable versions. This issue was resolved and addressed in GLSA 201804-12 at https://security.gentoo.org/glsa/201804-12 by GLSA coordinator Aaron Bauman (b-man). re-opened for cleanup Vulnerable versions are removed. Thanks, William (In reply to William Hubbs from comment #8) > Vulnerable versions are removed. > > Thanks, > > William Thanks, William! |