2025-07-10
ALT-BU-2025-9115-2
Branch p11 update bulletin.
Package docs-alt-workstation updated to version 11.0-alt5 for branch p11 in task 386784.
Closed bugs
Исправить опечатки в документации docs-alt-workstation
Closed vulnerabilities
Published: 2025-08-18
BDU:2025-09875
Уязвимость языка программирования Golang, связанная с некорректным внешним управлением именем или путем файла, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.6)Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-07-29
Modified: 2026-01-29
Modified: 2026-01-29
CVE-2025-4674
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial). Modules which are retrieved using the go command line, i.e. via "go get", are not affected.
Severity: HIGH (8.6)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
References: