AVG-835

Package: go, go-pie
Status: Fixed
Severity: High
Type: multiple issues
Affected: 2:1.11.2-2
Fixed: 2:1.11.3-1
Current: 2:1.13.5-1 [community]
Ticket: None
Created: Sat Dec 15 17:25:13 2018

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-16875 | Medium | Yes | Denial of service | The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might... |
| CVE-2018-16874 | High | Yes | Directory traversal | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go... |
| CVE-2018-16873 | High | Yes | Arbitrary command execution | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path... |

| Date | Advisory | Package | Description |
|---|---|---|---|
| 18 Dec 2018 | ASA-201812-12 | go-pie | multiple issues |
| 18 Dec 2018 | ASA-201812-11 | go | multiple issues |

References
https://groups.google.com/forum/#!msg/golang-announce/Kw31K8G7Fi0/z2olKn-QCAAJ