Hello community, here is the log from the commit of package etcd for openSUSE:Factory checked in at 2018-12-28 12:33:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/etcd (Old) and /work/SRC/openSUSE:Factory/.etcd.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "etcd" Fri Dec 28 12:33:56 2018 rev:14 rq:660070 version:3.3.10 Changes: -------- --- /work/SRC/openSUSE:Factory/etcd/etcd.changes 2018-12-13 19:48:59.952657899 +0100 +++ /work/SRC/openSUSE:Factory/.etcd.new.28833/etcd.changes 2018-12-28 12:33:57.732020378 +0100 @@ -1,0 +2,10 @@ +Wed Dec 19 01:28:24 UTC 2018 - [email protected] + +- Updated to a supported version of Go (due to security reasons) + * bsc#1118897 CVE-2018-16873 + go#29230 cmd/go: remote command execution during "go get -u" + * bsc#1118898 CVE-2018-16874 + go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths + * bsc#1118899 CVE-2018-16875 + go#29233 crypto/x509: CPU denial of service +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ etcd.spec ++++++ --- /var/tmp/diff_new_pack.jkQRiZ/_old 2018-12-28 12:33:58.204020049 +0100 +++ /var/tmp/diff_new_pack.jkQRiZ/_new 2018-12-28 12:33:58.204020049 +0100 @@ -38,6 +38,8 @@ BuildRequires: systemd-rpm-macros BuildRequires: xz BuildRequires: golang(API) = 1.11 +# go1.11.3 contains sec. fixes bsc#1118897(CVE-2018-16873) bsc#1118897(CVE-2018-16873) bsc#1118899(CVE-2018-16875) +BuildRequires: go1.11 >= 1.11.3 ExcludeArch: %ix86 Requires(post): %fillup_prereq BuildRoot: %{_tmppath}/%{name}-%{version}-build
