Hello community, here is the log from the commit of package container-feeder for openSUSE:Factory checked in at 2018-12-28 12:34:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/container-feeder (Old) and /work/SRC/openSUSE:Factory/.container-feeder.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "container-feeder" Fri Dec 28 12:34:00 2018 rev:12 rq:660273 version:4.0.0+20181105.git_r92_066ce53 Changes: -------- --- /work/SRC/openSUSE:Factory/container-feeder/container-feeder.changes 2018-12-04 20:56:50.652685256 +0100 +++ /work/SRC/openSUSE:Factory/.container-feeder.new.28833/container-feeder.changes 2018-12-28 12:34:01.184017975 +0100 @@ -1,0 +2,10 @@ +Wed Dec 19 17:31:11 UTC 2018 - clee@suse.com + +- Update go requirements to >= go1.11.3 to fix + * bsc#1118897 CVE-2018-16873 + go#29230 cmd/go: remote command execution during "go get -u" + * bsc#1118898 CVE-2018-16874 + go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths + * bsc#1118899 CVE-2018-16875 + go#29233 crypto/x509: CPU denial of service +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ container-feeder.spec ++++++ --- /var/tmp/diff_new_pack.gdxE50/_old 2018-12-28 12:34:01.808017541 +0100 +++ /var/tmp/diff_new_pack.gdxE50/_new 2018-12-28 12:34:01.812017538 +0100 @@ -51,7 +51,9 @@ BuildRequires: libbtrfs-devel BuildRequires: libgpgme-devel BuildRequires: libseccomp-devel -BuildRequires: golang(API) >= 1.7 +BuildRequires: golang(API) >= 1.11 +# go1.11.3 contains sec. fixes bsc#1118897(CVE-2018-16873) bsc#1118897(CVE-2018-16873) bsc#1118899(CVE-2018-16875) +BuildRequires: go1.11 >= 1.11.3 Requires: docker-kubic Requires: libcontainers-common Requires: libcontainers-image