Overview

File _patchinfo of Package patchinfo.9402

<patchinfo incident="9402"> 
  <issue id="2018-7187" tracker="cve" />
  <issue id="1081495" tracker="bnc">golang: arbitrary command execution via VCS path</issue>
  <issue id="1119634" tracker="bnc">go: multi-version installation is broken on version switch</issue>
  <issue id="1119706" tracker="bnc">go get broken for   import path patterns containing "..."</issue>
  <category>security</category>
  <rating>important</rating>
  <packager>cyphar</packager>
  <description>This update for go fixes the following issues:

- golang: arbitrary command execution via VCS path (bsc#1081495, CVE-2018-7187)
- Make profile.d/go.sh no longer set GOROOT=, in order to make switching
  between versions no longer break. This ends up removing the need for go.sh
  entirely (because GOPATH is also set automatically) (boo#1119634)
- Fix a regression that broke go get for import path patterns containing "..."
  (bsc#1119706)

Additionally, the package go1.10 has been added.

This update was imported from the SUSE:SLE-15:Update update project.</description>
  <summary>Security update for go</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places