Code Review / ric-plt / sdlgo.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 59c60eb) | patch
Upgrade Golang version to fix CVE-2022-32189 vulnerability 85/8885/1 v0.10.1
authorTimo Tietavainen <timo.tietavainen@nokia.com>
Fri, 12 Aug 2022 12:49:53 +0000 (15:49 +0300)
committerTimo Tietavainen <timo.tietavainen@nokia.com>
Fri, 12 Aug 2022 12:49:53 +0000 (15:49 +0300)
commit1fb0e222e95d5af6df20d922501f585c1ef9fd0b
tree4557b7ba0b706df5c7156a4ded710737d7bba633tree | snapshot
parent59c60ebc4ca8edd65fd9cdc1e833309f3e8bc8fecommit | diff
Upgrade Golang version to fix CVE-2022-32189 vulnerability

A too-short encoded message can cause a panic in Float.GobDecode and Rat
GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially
allowing a denial of service. Upgrade Golang to the latest 1.18 version,
that is for the time being 1.18.5.
Issue-Id: RIC-934

Signed-off-by: Timo Tietavainen <timo.tietavainen@nokia.com>
Change-Id: I9498217634fc9b78a5d1ef814e1a3c8dd251d758
ci/Dockerfile diff | blob | history