Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[18.09] Bump Golang 1.10.6 (CVE-2018-16875) #1575

Merged
merged 1 commit into from
Dec 14, 2018
Merged

[18.09] Bump Golang 1.10.6 (CVE-2018-16875) #1575

merged 1 commit into from
Dec 14, 2018

Conversation

thaJeztah
Copy link
Member

go1.10.6 (released 2018/12/14)

See the Go 1.10.6 milestone on the issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.10.6

@thaJeztah thaJeztah added this to the 18.09.1 milestone Dec 14, 2018
@thaJeztah
Copy link
Member Author

depends on docker/golang-cross#14

@codecov-io
Copy link

Codecov Report

Merging #1575 into 18.09 will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##            18.09    #1575   +/-   ##
=======================================
  Coverage   54.09%   54.09%           
=======================================
  Files         290      290           
  Lines       19406    19406           
=======================================
  Hits        10498    10498           
  Misses       8236     8236           
  Partials      672      672

@thaJeztah
Bump Golang 1.10.6 (CVE-2018-16875)
6c3a10a 
go1.10.6 (released 2018/12/14)

- crypto/x509: CPU denial of service in chain validation golang/go#29233
- cmd/go: directory traversal in "go get" via curly braces in import paths golang/go#29231
- cmd/go: remote command execution during "go get -u" golang/go#29230

See the Go 1.10.6 milestone on the issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.10.6

Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
Copy link
Member Author

Golang cross image was built, but... there's a second build triggered for the same tag, so possibly it will replace the existing one. Should not be an issue, because we pin by digest (just that the digest for the tag may be different)

screen shot 2018-12-14 at 01 43 06

@thaJeztah thaJeztah changed the title [WIP][18.09] Bump Golang 1.10.6 (CVE-2018-16875) [18.09] Bump Golang 1.10.6 (CVE-2018-16875) Dec 14, 2018
vdemeester
vdemeester approved these changes Dec 14, 2018
View reviewed changes
Copy link
Collaborator

@vdemeester vdemeester left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🍵

andrewhsu
andrewhsu approved these changes Dec 14, 2018
View reviewed changes
Copy link
Contributor

@andrewhsu andrewhsu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@andrewhsu andrewhsu merged commit 2fa3aae into docker:18.09 Dec 14, 2018
@thaJeztah thaJeztah deleted the bump_golang_1.10.6 branch December 14, 2018 21:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewhsu andrewhsu andrewhsu approved these changes

@vdemeester vdemeester vdemeester approved these changes

Assignees
No one assigned
Labels
status/2-code-review
Projects
None yet
Milestone
18.09.1
Development

Successfully merging this pull request may close these issues.
5 participants
@thaJeztah @codecov-io @vdemeester @andrewhsu @GordonTheTurtle