-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : golang Version : 2:1.0.2-1.1+deb7u3 CVE ID : CVE-2018-7187
It was discovered that there was an arbitrary command execution vulnerability in the Go programming language. The "go get" implementation did not correctly validate "import path" statements for "://" which allowed remote attackers to execute arbitrary OS commands via a crafted web site. For Debian 7 "Wheezy", this issue has been fixed in golang version 2:1.0.2-1.1+deb7u3. We recommend that you upgrade your golang packages. The Debian LTS team would like to thank Abhijith PA for preparing this update. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlqS3QEACgkQHpU+J9Qx HlgmjQ/9HJLdJC2vzP6wKrt6/ltBKcwgrZrbkRxcry5zrGFUryz4vJ8SI1DzUfI5 +rQgmxz/jQAcLu731qKc5gYFJXCklntQdhpuTmMJRCVGcmavWNH4khv8TGv6SbRp 0QJcDdpZHkVxX65Y7l2id/nS9O/EYMOjeapovVU3C2g61OUlrPSj5Yesdhf8D+cN oVWONIi7Uquhp0W9xg55Rrp4NF6bx5Z4S9n88tqWNBm9HKTa6ROAqU7aId2p8feI gwsOdJAZ+r+qvYjnbSR7AnmbnQE4wGy7JaU/o2o7cQE3UmxMBjNLOYRSxNluA5a2 rsc2HMOVcfXtAOdZMLpcqaUYVxGB55ozN71XnqR6K1ooFofcBDtrTzstegiCklAy PRaONT5t9oKzUfJwFogmWhfz8zLyMNWZb+rBFVla7ljZVZexEcPwwTuI11Kt4Mye AnBOEzcRnd0FFUsBsHGyCicRr1TxFYnXplO9rAqJ/RxvYJQZwO7ZbGQ9tzMYm6Vc R7yvid8bT6kPMeq837RJ6bP9bQDv30QCLMr2queUALFl4qtxgzz1egQl2r8DDGlY fwBYEfg1NNMITHloCepGifqccxIc2Wy62O4Y7NB/VjE78zDuRd3xb3ce49rWEIPV f64kBAb2BuvvJdc0bst17zp7tUUb2BL+l+zlYrVJhjJibP5AMkU= =nfM2 -----END PGP SIGNATURE-----