go
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Core compiler tools for the Go programming language |
| Version | 2:1.11-1 [community] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-606 | 1.9.3-1 | 1.9.4-1 | High | Fixed | |
| AVG-442 | 2:1.9-1 | 2:1.9.1-1 | High | Fixed | |
| AVG-433 | 2:1.7-1 | 2:1.8-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2018-6574 | AVG-606 | High | Yes | Arbitrary code execution | Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by... |
| CVE-2017-15041 | AVG-442 | High | Yes | Arbitrary command execution | Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that... |
| CVE-2017-1000098 | AVG-433 | High | Yes | Denial of service | The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit.... |
Advisories
| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 09 Feb 2018 | ASA-201802-2 | AVG-606 | High | arbitrary code execution |
| 12 Oct 2017 | ASA-201710-15 | AVG-442 | High | arbitrary command execution |