projects / golang-1.7.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5724a2e) | patch
CVE-2018-16873,16874
authorGo Compiler Team <pkg-golang-devel@lists.alioth.debian.org>
Sat, 13 Mar 2021 14:48:57 +0000 (14:48 +0000)
committerSylvain Beucler <beuc@debian.org>
Sat, 13 Mar 2021 14:48:57 +0000 (14:48 +0000)
commita42535dac09425e2bf928b3c977f19af98c909d7
tree82390b01d9bcf5635c29f03522a3ed2549c955b3tree | snapshot
parent5724a2e24a1dee4bc1b556107c73782389fb59c1commit | diff
CVE-2018-16873,16874

Origin: https://github.com/golang/go/commit/90d609ba6156299642d08afc06d85ab770a03972
Origin: https://github.com/golang/go/commit/7ef6ee2c5727f0d11206b4d1866c18e6ab4785be
Origin: https://github.com/golang/go/commit/25bee965c685e3f35c10076648685e22e59fd656
Reviewed-by: Sylvain Beucler <beuc@debian.org>
Last-Update: 2021-03-04

From 90d609ba6156299642d08afc06d85ab770a03972 Mon Sep 17 00:00:00 2001
From: "Bryan C. Mills" <bcmills@google.com>
Date: Mon, 3 Dec 2018 15:12:08 -0500
Subject: [PATCH] [release-branch.go1.10-security] cmd/go: reject 'get' of
 paths containing leading dots or unsupported characters

On some platforms, directories beginning with dot are treated as
hidden files, and filenames containing unusual characters can be
confusing for users to manipulate (and delete).

Change-Id: I443bdeb98e4de24b8a93a75fb923f4d41052e8f7
Reviewed-on: https://team-review.git.corp.google.com/c/368703
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Gbp-Pq: Name CVE-2018-16873,16874.patch
src/cmd/go/get.go diff | blob | history
src/cmd/go/path.go [new file with mode: 0644] blob
src/cmd/go/vcs.go diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.