Summary: | <dev-lang/go-{1.10.7,1.11.4}: Multiple vulnerabilities (CVE-2018-{16873,16874,16875}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Mikle Kolyada (RETIRED) <zlogene> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | williamh |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://groups.google.com/forum/#!topic/golang-announce/Kw31K8G7Fi0 | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: |
dev-lang/go-1.10.7 amd64 arm x86
dev-lang/go-1.11.4 amd64 arm x86
|
Runtime testing required: | --- |
Description
Mikle Kolyada (RETIRED)
2018-12-16 09:37:54 UTC
dev-lang/go 1.10.6 and 1.11.4 are now in the tree. I am fine with fast stabilizing them. dev-lang/go-1.10.7 was just added. We need to fast stable 1.10.7 and 1.11.3. I meant 1.11.4. (In reply to William Hubbs from comment #2) > dev-lang/go-1.10.7 was just added. > We need to fast stable 1.10.7 and 1.11.3. 1.11 series has never had stable keywords at all, so it is likely we shall only stabilize 1.10.7 I am fine with going ahead with stabilizing 1.11.4 as well, 1.11.2 has been in the tree more than 30 days. as discussed in in irc 1.11.4 will be stabilized alongside with 1.10.7 Arch teams, please stabilize dev-lang/go 1.10.7 and 1.11.4. Thanks, William x86 stable The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=57897bad2d7ac8e0e5cb773f0c1e606f3be0a915 commit 57897bad2d7ac8e0e5cb773f0c1e606f3be0a915 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2018-12-20 14:44:53 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2018-12-20 14:45:19 +0000 dev-lang/go: stabilize 1.10.7 and 1.11.4 on amd64 for bug #673234 Bug: https://bugs.gentoo.org/673234 Package-Manager: Portage-2.3.51, Repoman-2.3.11 Signed-off-by: William Hubbs <williamh@gentoo.org> dev-lang/go/go-1.10.7.ebuild | 2 +- dev-lang/go/go-1.11.4.ebuild | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) GLSA is ready for review This issue was resolved and addressed in GLSA 201812-09 at https://security.gentoo.org/glsa/201812-09 by GLSA coordinator Mikle Kolyada (Zlogene). |