Skip to content
This repository has been archived by the owner on Mar 26, 2020. It is now read-only.

GlusterD2 v4.1.1

Compare
Choose a tag to compare
@kshlm kshlm released this 11 Oct 13:27
· 403 commits to master since this release
v4.1.1
c6d93e8

Update to address possible CVE-2018-17142. Just the vendored dependencies have been updated.

The CVE does not affect any built GD2 v4.1.0 binaries. Anyone using GD2 v4.1.0 can continue using GD2 v4.1.0.

The vendored tarball contained vendored source for golang.org/x/net/html which had the CVE. Neither GD2 nor any of its dependencies make use of html.Parse(), which had the CVE, and hence isn't exploitable. The vendored source tarball that contained the code with the CVE isn't exploitable either as it doesn't have any binaries that use html.Parse()