projects / golang-1.7.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b03c1c1) | patch
CVE-2018-16873,16874
authorGo Compiler Team <pkg-golang-devel@lists.alioth.debian.org>
Tue, 26 Apr 2022 17:32:45 +0000 (18:32 +0100)
committerSylvain Beucler <beuc@debian.org>
Tue, 26 Apr 2022 17:32:45 +0000 (18:32 +0100)
commit7d86d6440d530068cb4172b789cd5308e93be149
treeaa08cb0d05515816abcd6aa6768fbc64ccc16f7atree | snapshot
parentb03c1c1ba84e970410e116db3033e9359653d294commit | diff
CVE-2018-16873,16874

Origin: https://github.com/golang/go/commit/90d609ba6156299642d08afc06d85ab770a03972
Origin: https://github.com/golang/go/commit/7ef6ee2c5727f0d11206b4d1866c18e6ab4785be
Origin: https://github.com/golang/go/commit/25bee965c685e3f35c10076648685e22e59fd656
Reviewed-by: Sylvain Beucler <beuc@debian.org>
Last-Update: 2021-03-04

From 90d609ba6156299642d08afc06d85ab770a03972 Mon Sep 17 00:00:00 2001
From: "Bryan C. Mills" <bcmills@google.com>
Date: Mon, 3 Dec 2018 15:12:08 -0500
Subject: [PATCH] [release-branch.go1.10-security] cmd/go: reject 'get' of
 paths containing leading dots or unsupported characters

On some platforms, directories beginning with dot are treated as
hidden files, and filenames containing unusual characters can be
confusing for users to manipulate (and delete).

Change-Id: I443bdeb98e4de24b8a93a75fb923f4d41052e8f7
Reviewed-on: https://team-review.git.corp.google.com/c/368703
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Gbp-Pq: Name CVE-2018-16873,16874.patch
src/cmd/go/get.go diff | blob | history
src/cmd/go/path.go [new file with mode: 0644] blob
src/cmd/go/vcs.go diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.