kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/lang/go118
History
bsiegert 1ccb9b367f go118: update to 1.18.8 
This release includes 1 security fixes following the security policy:

syscall, os/exec: unsanitized NUL in environment variables

On Windows, syscall.StartProcess and os/exec.Cmd did not properly check for
invalid environment variable values. A malicious environment variable value
could exploit this behavior to set a value for a different environment
variable. For example, the environment variable string "A=B\x00C=D" set the
variables "A=B" and "C=D".

Thanks to RyotaK (https://twitter.com/ryotkak) for reporting this issue.

This is CVE-2022-41716 and Go issue https://go.dev/issue/56284.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.18.8
2022-11-01 17:26:16 +00:00
..
patches
ALTERNATIVES
DESCR
distinfo go118: update to 1.18.8 2022-11-01 17:26:16 +00:00
Makefile go: be more verbose when building 2022-09-17 10:13:56 +00:00
PLIST go118: update to 1.18.7 2022-10-05 09:51:52 +00:00
PLIST.Darwin
PLIST.Linux
PLIST.SunOS