Hello community,
here is the log from the commit of package container-feeder for
openSUSE:Factory checked in at 2018-12-28 12:34:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/container-feeder (Old)
and /work/SRC/openSUSE:Factory/.container-feeder.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "container-feeder"
Fri Dec 28 12:34:00 2018 rev:12 rq:660273 version:4.0.0+20181105.git_r92_066ce53
Changes:
--------
--- /work/SRC/openSUSE:Factory/container-feeder/container-feeder.changes
2018-12-04 20:56:50.652685256 +0100
+++
/work/SRC/openSUSE:Factory/.container-feeder.new.28833/container-feeder.changes
2018-12-28 12:34:01.184017975 +0100
@@ -1,0 +2,10 @@
+Wed Dec 19 17:31:11 UTC 2018 - [email protected]
+
+- Update go requirements to >= go1.11.3 to fix
+ * bsc#1118897 CVE-2018-16873
+ go#29230 cmd/go: remote command execution during "go get -u"
+ * bsc#1118898 CVE-2018-16874
+ go#29231 cmd/go: directory traversal in "go get" via curly braces in
import paths
+ * bsc#1118899 CVE-2018-16875
+ go#29233 crypto/x509: CPU denial of service
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ container-feeder.spec ++++++
--- /var/tmp/diff_new_pack.gdxE50/_old 2018-12-28 12:34:01.808017541 +0100
+++ /var/tmp/diff_new_pack.gdxE50/_new 2018-12-28 12:34:01.812017538 +0100
@@ -51,7 +51,9 @@
BuildRequires: libbtrfs-devel
BuildRequires: libgpgme-devel
BuildRequires: libseccomp-devel
-BuildRequires: golang(API) >= 1.7
+BuildRequires: golang(API) >= 1.11
+# go1.11.3 contains sec. fixes bsc#1118897(CVE-2018-16873)
bsc#1118897(CVE-2018-16873) bsc#1118899(CVE-2018-16875)
+BuildRequires: go1.11 >= 1.11.3
Requires: docker-kubic
Requires: libcontainers-common
Requires: libcontainers-image
