Overview

File _patchinfo of Package patchinfo.9880

<patchinfo incident="9880">
  <issue tracker="bnc" id="1120762">[TRACKERBUG] release new version of helm-mirror</issue>
  <issue tracker="bnc" id="1118899">VUL-0: CVE-2018-16875: go: crypto/x509: CPU denial of service</issue>
  <issue tracker="bnc" id="1118898">VUL-0: CVE-2018-16874: go: cmd/go: directory traversal</issue>
  <issue tracker="bnc" id="1118897">VUL-0: CVE-2018-16873: go: cmd/go: remote command execution</issue>
  <issue tracker="bnc" id="1116182">[TRACKERBUG] [FATE#326810] Include helm-mirror into the containers module.</issue>
  <issue tracker="cve" id="2018-16873"/>
  <issue tracker="cve" id="2018-16874"/>
  <issue tracker="cve" id="2018-16875"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>vzepedamas</packager>
  <description>This update for helm-mirror to version 0.2.1 fixes the following issues:


Security issues fixed:

- CVE-2018-16873: Fixed a remote command execution (bsc#1118897)
- CVE-2018-16874: Fixed a directory traversal in "go get" via curly braces in import path (bsc#1118898)
- CVE-2018-16875: Fixed a CPU denial of service (bsc#1118899)

Non-security issue fixed:

- Update to v0.2.1 (bsc#1120762)
- Include helm-mirror into the containers module (bsc#1116182)
</description>
  <summary>Security update for helm-mirror</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places