[SECURITY] [DLA 1294-1] golang security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : golang
Version : 2:1.0.2-1.1+deb7u3
CVE ID : CVE-2018-7187
It was discovered that there was an arbitrary command execution
vulnerability in the Go programming language.
The "go get" implementation did not correctly validate "import path"
statements for "://" which allowed remote attackers to execute arbitrary
OS commands via a crafted web site.
For Debian 7 "Wheezy", this issue has been fixed in golang version
2:1.0.2-1.1+deb7u3.
We recommend that you upgrade your golang packages. The Debian LTS team
would like to thank Abhijith PA for preparing this update.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlqS3QEACgkQHpU+J9Qx
HlgmjQ/9HJLdJC2vzP6wKrt6/ltBKcwgrZrbkRxcry5zrGFUryz4vJ8SI1DzUfI5
+rQgmxz/jQAcLu731qKc5gYFJXCklntQdhpuTmMJRCVGcmavWNH4khv8TGv6SbRp
0QJcDdpZHkVxX65Y7l2id/nS9O/EYMOjeapovVU3C2g61OUlrPSj5Yesdhf8D+cN
oVWONIi7Uquhp0W9xg55Rrp4NF6bx5Z4S9n88tqWNBm9HKTa6ROAqU7aId2p8feI
gwsOdJAZ+r+qvYjnbSR7AnmbnQE4wGy7JaU/o2o7cQE3UmxMBjNLOYRSxNluA5a2
rsc2HMOVcfXtAOdZMLpcqaUYVxGB55ozN71XnqR6K1ooFofcBDtrTzstegiCklAy
PRaONT5t9oKzUfJwFogmWhfz8zLyMNWZb+rBFVla7ljZVZexEcPwwTuI11Kt4Mye
AnBOEzcRnd0FFUsBsHGyCicRr1TxFYnXplO9rAqJ/RxvYJQZwO7ZbGQ9tzMYm6Vc
R7yvid8bT6kPMeq837RJ6bP9bQDv30QCLMr2queUALFl4qtxgzz1egQl2r8DDGlY
fwBYEfg1NNMITHloCepGifqccxIc2Wy62O4Y7NB/VjE78zDuRd3xb3ce49rWEIPV
f64kBAb2BuvvJdc0bst17zp7tUUb2BL+l+zlYrVJhjJibP5AMkU=
=nfM2
-----END PGP SIGNATURE-----
Reply to: