| Summary: | golang new security issue CVE-2022-29526 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, bruno, davidwhodgins, sysadmin-bugs, tarazed25 |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | golang-1.17.9-1.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2022-05-24 17:33:41 CEST
David Walser
2022-05-24 17:34:09 CEST
Whiteboard:
(none) =>
MGA8TOO go 1.18.2 pushed to cauldron Status:
NEW =>
ASSIGNED go 1.17.10 pushed now to updates_testing for mga8. Version:
Cauldron =>
8 golang-tests-1.17.10-1.mga8 golang-1.17.10-1.mga8 golang-misc-1.17.10-1.mga8 golang-docs-1.17.10-1.mga8 golang-src-1.17.10-1.mga8 golang-shared-1.17.10-1.mga8 golang-bin-1.17.10-1.mga8 from golang-1.17.10-1.mga8.src.rpm Status comment:
Fixed upstream in 1.17.10 and 1.18.2 =>
(none) mga8, x64
Getting to be a bit of a habit this.
Smooth update of the seven packages via qarepo.
$ rpm -q golang
golang-1.17.10-1.mga8
Tested by building docker in <user>/dev.
$ cd dev
$ rm -rf docker
$ mgarepo co docker
$ ls docker
SOURCES/ SPECS/
$ cd docker
$ bm -s
creating package list
processing package %{origname}-%{moby_version}-%mkrel 1
building source package
succeeded!
$ sudo urpmi --buildrequires SPECS/docker.spec
warning: Macro expanded in comment on line 43: %{shortcommit_moby}
warning: line 119: It's not recommended to have unversioned Obsoletes: Obsoletes: docker-swarm
warning: line 121: It's not recommended to have unversioned Obsoletes: Obsoletes: docker-vim
<Don't know if these problems are caused by packaging or already installed packages>
$ bm
creating package list
processing package %{origname}-%{moby_version}-%mkrel 1
building source and binary packages
succeeded!
$ ls RPMS/x86_64
docker-20.10.16-1.mga8.x86_64.rpm
docker-devel-20.10.16-1.mga8.x86_64.rpm
docker-fish-completion-20.10.16-1.mga8.x86_64.rpm
docker-logrotate-20.10.16-1.mga8.x86_64.rpm
docker-nano-20.10.16-1.mga8.x86_64.rpm
docker-zsh-completion-20.10.16-1.mga8.x86_64.rpm
compared with:
$ rpm -q docker
docker-20.10.14-3.mga8
So golang looks good for complex tasks.CC:
(none) =>
tarazed25 Validating. Keywords:
(none) =>
validated_update
Dave Hodgins
2022-05-27 04:05:24 CEST
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0210.html Resolution:
(none) =>
FIXED |