deepcrayon
/
buildroot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

go: security bump to version 1.10.2 

This bump contains many bug fixes, as well as the following security
issue, patched in Go 1.10.1:

CVE-2018-7187: The "go get" implementation in Go 1.9.4, when the
-insecure command-line option is used, does not validate the import path
(get/vcs.go only checks for "://" anywhere in the string), which allows
remote attackers to execute arbitrary OS commands via a crafted web
site.

Signed-off-by: Anisse Astier <anisse@astier.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018.05.x
Anisse Astier 2018-05-11 22:50:37 +02:00 committed by Thomas Petazzoni
parent 486334dd81
commit 81815b85a2
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/go/go.hash
View File

@ -1,2 +1,2 @@
# From https://golang.org/dl/
sha256 f3de49289405fda5fd1483a8fe6bd2fa5469e005fd567df64485c4fa000c7f24 go1.10.src.tar.gz
sha256 6264609c6b9cd8ed8e02ca84605d727ce1898d74efa79841660b2e3e985a98bd go1.10.2.src.tar.gz

2
package/go/go.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
GO_VERSION = 1.10
GO_VERSION = 1.10.2
GO_SITE = https://storage.googleapis.com/golang
GO_SOURCE = go$(GO_VERSION).src.tar.gz