
[action] [PR:14636] Update golang version for telemetry build in sonic-slave-jessie to fix CVE-2021-33195 #14737

Merged
mssonicbld merged 1 commit into sonic-net:202012 from mssonicbld:cherry/202012/14636
Apr 20, 2023

@mssonicbld
Collaborator

No description provided.

sonic-net#14636)

Update golang version for telemetry build in sonic-slave-jessie to fix CVE-2021-33195. This PR will be merged into the 201911 branch finally.

#### Why I did it
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. Now in the 201911 and 202012 branches we're using 1.14.2.

##### Work item tracking
- Microsoft ADO **(number only)**: 17727291

#### How I did it
Bump the golang version to 1.15.15, which contains the corresponding fix.

#### How to verify it
Unit test to do a sanity check.
@mssonicbld
Collaborator Author

Original PR: #14636

@mssonicbld mssonicbld merged commit 7c4b8bc into sonic-net:202012 Apr 20, 2023
@mssonicbld mssonicbld deleted the cherry/202012/14636 branch March 6, 2026 01:59
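
A toolchain sanity check of the kind the verification step calls for, as an added example (not code from this PR or from the sonic-net repository): it reports whether a Go version string falls in the affected range the description quotes for CVE-2021-33195. The names `parseGo` and `Affected` are hypothetical, and the input is assumed to be in the `runtime.Version()` format.

```go
package main

import (
	"fmt"
	"runtime"
	"strconv"
	"strings"
)

// parseGo turns a runtime.Version string such as "go1.15.15" into numbers.
// A missing patch ("go1.16") counts as 0; anything after the digits of a
// component (such as "rc1") is ignored. Development builds return an error.
func parseGo(v string) (major, minor, patch int, err error) {
	parts := strings.SplitN(strings.TrimPrefix(v, "go"), ".", 3)
	if len(parts) < 2 {
		return 0, 0, 0, fmt.Errorf("unrecognized Go version %q", v)
	}
	var nums [3]int
	for i, p := range parts {
		end := 0
		for end < len(p) && p[end] >= '0' && p[end] <= '9' {
			end++
		}
		if nums[i], err = strconv.Atoi(p[:end]); err != nil {
			return 0, 0, 0, fmt.Errorf("unrecognized Go version %q", v)
		}
	}
	return nums[0], nums[1], nums[2], nil
}

// Affected reports whether v is in the range given in the PR description:
// before 1.15.13, or 1.16.x before 1.16.5.
func Affected(v string) (bool, error) {
	major, minor, patch, err := parseGo(v)
	if err != nil {
		return false, err
	}
	switch {
	case major != 1: // only a major version below 1 would predate the fix
		return major < 1, nil
	case minor == 16:
		return patch < 5, nil
	}
	return minor < 15 || (minor == 15 && patch < 13), nil
}

func main() {
	// Checks the toolchain that built this binary.
	fmt.Println(Affected(runtime.Version()))
}
```

Run inside the build container, this prints `true <nil>` for the 1.14.2 toolchain mentioned above and `false <nil>` for 1.15.15.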