1ccb9b367f
This release includes 1 security fixes following the security policy: syscall, os/exec: unsanitized NUL in environment variables On Windows, syscall.StartProcess and os/exec.Cmd did not properly check for invalid environment variable values. A malicious environment variable value could exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" set the variables "A=B" and "C=D". Thanks to RyotaK (https://twitter.com/ryotkak) for reporting this issue. This is CVE-2022-41716 and Go issue https://go.dev/issue/56284. View the release notes for more information: https://go.dev/doc/devel/release#go1.18.8 |
||
---|---|---|
.. | ||
patches | ||
ALTERNATIVES | ||
DESCR | ||
distinfo | ||
Makefile | ||
PLIST | ||
PLIST.Darwin | ||
PLIST.Linux | ||
PLIST.SunOS |