[SECURITY] [DLA 1294-1] golang security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1294-1] golang security update
From: Chris Lamb <lamby@debian.org>
Date: Sun, 25 Feb 2018 15:59:05 +0000
Message-id: <[🔎] 1519574345.1803599.1282702976.7FDC3351@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : golang
Version        : 2:1.0.2-1.1+deb7u3
CVE ID         : CVE-2018-7187

It was discovered that there was an arbitrary command execution
vulnerability in the Go programming language.

The "go get" implementation did not correctly validate "import path"
statements for "://" which allowed remote attackers to execute arbitrary
OS commands via a crafted web site.

For Debian 7 "Wheezy", this issue has been fixed in golang version
2:1.0.2-1.1+deb7u3.

We recommend that you upgrade your golang packages. The Debian LTS team
would like to thank Abhijith PA for preparing this update.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlqS3QEACgkQHpU+J9Qx
HlgmjQ/9HJLdJC2vzP6wKrt6/ltBKcwgrZrbkRxcry5zrGFUryz4vJ8SI1DzUfI5
+rQgmxz/jQAcLu731qKc5gYFJXCklntQdhpuTmMJRCVGcmavWNH4khv8TGv6SbRp
0QJcDdpZHkVxX65Y7l2id/nS9O/EYMOjeapovVU3C2g61OUlrPSj5Yesdhf8D+cN
oVWONIi7Uquhp0W9xg55Rrp4NF6bx5Z4S9n88tqWNBm9HKTa6ROAqU7aId2p8feI
gwsOdJAZ+r+qvYjnbSR7AnmbnQE4wGy7JaU/o2o7cQE3UmxMBjNLOYRSxNluA5a2
rsc2HMOVcfXtAOdZMLpcqaUYVxGB55ozN71XnqR6K1ooFofcBDtrTzstegiCklAy
PRaONT5t9oKzUfJwFogmWhfz8zLyMNWZb+rBFVla7ljZVZexEcPwwTuI11Kt4Mye
AnBOEzcRnd0FFUsBsHGyCicRr1TxFYnXplO9rAqJ/RxvYJQZwO7ZbGQ9tzMYm6Vc
R7yvid8bT6kPMeq837RJ6bP9bQDv30QCLMr2queUALFl4qtxgzz1egQl2r8DDGlY
fwBYEfg1NNMITHloCepGifqccxIc2Wy62O4Y7NB/VjE78zDuRd3xb3ce49rWEIPV
f64kBAb2BuvvJdc0bst17zp7tUUb2BL+l+zlYrVJhjJibP5AMkU=
=nfM2
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1293-1] imagemagick security update
Next by Date: [SECURITY] [DLA 1295-1] drupal7 security update
Previous by thread: [SECURITY] [DLA 1293-1] imagemagick security update
Next by thread: [SECURITY] [DLA 1295-1] drupal7 security update
Index(es):
- Date
- Thread