projects / golang-1.7.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cc77a34) | patch
CVE-2018-16873,16874
authorGo Compiler Team <pkg-golang-devel@lists.alioth.debian.org>
Fri, 21 Jan 2022 18:45:18 +0000 (18:45 +0000)
committerSylvain Beucler <beuc@debian.org>
Fri, 21 Jan 2022 18:45:18 +0000 (18:45 +0000)
commit72ab2bbb564de36628e062286e38059b5af30943
treeeefa79b6982c7875e1d8919f081942e8c1d1110atree | snapshot
parentcc77a34f0aea4a1cad14b407faa3aea7d00aaae7commit | diff
CVE-2018-16873,16874

Origin: https://github.com/golang/go/commit/90d609ba6156299642d08afc06d85ab770a03972
Origin: https://github.com/golang/go/commit/7ef6ee2c5727f0d11206b4d1866c18e6ab4785be
Origin: https://github.com/golang/go/commit/25bee965c685e3f35c10076648685e22e59fd656
Reviewed-by: Sylvain Beucler <beuc@debian.org>
Last-Update: 2021-03-04

From 90d609ba6156299642d08afc06d85ab770a03972 Mon Sep 17 00:00:00 2001
From: "Bryan C. Mills" <bcmills@google.com>
Date: Mon, 3 Dec 2018 15:12:08 -0500
Subject: [PATCH] [release-branch.go1.10-security] cmd/go: reject 'get' of
 paths containing leading dots or unsupported characters

On some platforms, directories beginning with dot are treated as
hidden files, and filenames containing unusual characters can be
confusing for users to manipulate (and delete).

Change-Id: I443bdeb98e4de24b8a93a75fb923f4d41052e8f7
Reviewed-on: https://team-review.git.corp.google.com/c/368703
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Gbp-Pq: Name CVE-2018-16873,16874.patch
src/cmd/go/get.go diff | blob | history
src/cmd/go/path.go [new file with mode: 0644] blob
src/cmd/go/vcs.go diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.