Candidate: CVE-2012-2666 PublicDate: 2021-07-09 11:15:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2666 https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccdd https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666 https://codereview.appspot.com/5992078 https://bugzilla.suse.com/show_bug.cgi?id=765455 Description: golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script. Ubuntu-Description: Notes: mdeslaur> Packages built using golang need to be rebuilt once the mdeslaur> vulnerability has been fixed. This CVE entry does not mdeslaur> list packages that need rebuilding outside of the main mdeslaur> repository or the Ubuntu variants with PPA overlays. sbeattie> fixed in 1.0.2 Mitigation: Bugs: Priority: low Discovered-by: Assigned-to: CVSS: nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL] Patches_golang: upstream_golang: released (1.0.2) trusty_golang: ignored (out of standard support) trusty/esm_golang: DNE xenial_golang: DNE bionic_golang: DNE focal_golang: DNE groovy_golang: DNE hirsute_golang: DNE impish_golang: DNE jammy_golang: DNE devel_golang: DNE Patches_golang-1.6: upstream_golang-1.6: not-affected (1.0.2) trusty_golang-1.6: ignored (out of standard support) trusty/esm_golang-1.6: DNE xenial_golang-1.6: not-affected (1.0.2) esm-infra/xenial_golang-1.6: not-affected (1.0.2) bionic_golang-1.6: DNE focal_golang-1.6: DNE groovy_golang-1.6: DNE hirsute_golang-1.6: DNE impish_golang-1.6: DNE jammy_golang-1.6: DNE devel_golang-1.6: DNE Patches_golang-1.8: upstream_golang-1.8: not-affected (1.0.2) trusty_golang-1.8: DNE trusty/esm_golang-1.8: DNE xenial_golang-1.8: DNE bionic_golang-1.8: not-affected (1.0.2) focal_golang-1.8: DNE groovy_golang-1.8: DNE hirsute_golang-1.8: DNE impish_golang-1.8: DNE jammy_golang-1.8: DNE devel_golang-1.8: DNE Patches_golang-1.9: upstream_golang-1.9: not-affected (1.0.2) trusty_golang-1.9: DNE trusty/esm_golang-1.9: DNE xenial_golang-1.9: DNE bionic_golang-1.9: not-affected (1.0.2) focal_golang-1.9: DNE groovy_golang-1.9: DNE hirsute_golang-1.9: DNE impish_golang-1.9: DNE jammy_golang-1.9: DNE devel_golang-1.9: DNE Patches_golang-1.10: upstream_golang-1.10: not-affected (1.0.2) trusty_golang-1.10: ignored (out of standard support) trusty/esm_golang-1.10: not-affected (1.0.2) xenial_golang-1.10: not-affected (1.0.2) esm-infra/xenial_golang-1.10: not-affected (1.0.2) bionic_golang-1.10: not-affected (1.0.2) focal_golang-1.10: DNE groovy_golang-1.10: DNE hirsute_golang-1.10: DNE impish_golang-1.10: DNE jammy_golang-1.10: DNE devel_golang-1.10: DNE Patches_golang-1.13: upstream_golang-1.13: not-affected (1.0.2) trusty_golang-1.13: DNE trusty/esm_golang-1.13: DNE xenial_golang-1.13: not-affected (1.0.2) bionic_golang-1.13: not-affected (1.0.2) focal_golang-1.13: not-affected (1.0.2) groovy_golang-1.13: not-affected (1.0.2) hirsute_golang-1.13: not-affected (1.0.2) impish_golang-1.13: not-affected (1.0.2) jammy_golang-1.13: not-affected (1.0.2) devel_golang-1.13: not-affected (1.0.2) Patches_golang-1.14: upstream_golang-1.14: not-affected (1.0.2) trusty_golang-1.14: DNE trusty/esm_golang-1.14: DNE xenial_golang-1.14: DNE bionic_golang-1.14: DNE focal_golang-1.14: not-affected (1.0.2) groovy_golang-1.14: not-affected (1.0.2) hirsute_golang-1.14: not-affected (1.0.2) impish_golang-1.14: DNE jammy_golang-1.14: DNE devel_golang-1.14: DNE Patches_golang-1.15: upstream_golang-1.15: not-affected (1.0.2) trusty_golang-1.15: DNE trusty/esm_golang-1.15: DNE xenial_golang-1.15: DNE bionic_golang-1.15: DNE focal_golang-1.15: DNE groovy_golang-1.15: not-affected (1.0.2) hirsute_golang-1.15: not-affected (1.0.2) impish_golang-1.15: not-affected (1.0.2) Patches_golang-1.16: upstream_golang-1.16: not-affected (1.0.2) trusty_golang-1.16: ignored (out of standard support) trusty/esm_golang-1.16: DNE xenial_golang-1.16: ignored (out of standard support) bionic_golang-1.16: DNE focal_golang-1.16: not-affected (1.0.2) groovy_golang-1.16: DNE hirsute_golang-1.16: not-affected (1.0.2) impish_golang-1.16: not-affected (1.0.2) jammy_golang-1.16: DNE devel_golang-1.16: DNE