Skip to content

Update module github.com/golang/glog to v1.2.4 [SECURITY]#41

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/go-github.qkg1.top-golang-glog-vulnerability
Open

Update module github.com/golang/glog to v1.2.4 [SECURITY]#41
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/go-github.qkg1.top-golang-glog-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Jan 28, 2025

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
github.com/golang/glog v1.0.0v1.2.4 age confidence

Insecure Temporary File usage in github.com/golang/glog

CVE-2024-45339 / GHSA-6wxm-mpqj-6jpf

More information

Details

When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.

Severity

  • CVSS Score: 4.1 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

golang/glog (github.com/golang/glog)

v1.2.4

Compare Source

What's Changed

  • Fail if log file already exists by @​chressie in #​74:
    • glog: Don't try to create/rotate a given syncBuffer twice in the same second
    • glog: introduce createInDir function as in internal version
    • glog: have createInDir fail if the file already exists

Full Changelog: golang/glog@v1.2.3...v1.2.4

v1.2.3

Compare Source

What's Changed

Full Changelog: golang/glog@v1.2.2...v1.2.3

v1.2.2

Compare Source

What's Changed

Full Changelog: golang/glog@v1.2.1...v1.2.2

v1.2.1

Compare Source

What's Changed

Full Changelog: golang/glog@v1.2.0...v1.2.1

v1.2.0

Compare Source

What's Changed

Full Changelog: golang/glog@v1.1.2...v1.2.0

v1.1.2

Compare Source

Bugfix release.

What's Changed

Full Changelog: golang/glog@v1.1.1...v1.1.2

v1.1.1

Compare Source

Bugfixes since the larger v1.1.0, which have been addressed.

v1.1.0

Compare Source

Tagging v1.1.0 after syncing glog with internal changes


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
renovate Bot force-pushed the renovate/go-github.qkg1.top-golang-glog-vulnerability branch 2 times, most recently from 1b88cf9 to 6ab4ada Compare April 17, 2025 05:09
@renovate renovate Bot changed the title Update module github.com/golang/glog to v1.2.4 [SECURITY] Update module github.com/golang/glog to v1.2.4 [SECURITY] - autoclosed Apr 19, 2025
@renovate renovate Bot closed this Apr 19, 2025
@renovate
renovate Bot deleted the renovate/go-github.qkg1.top-golang-glog-vulnerability branch April 19, 2025 09:13
@renovate renovate Bot changed the title Update module github.com/golang/glog to v1.2.4 [SECURITY] - autoclosed Update module github.com/golang/glog to v1.2.4 [SECURITY] Apr 19, 2025
@renovate renovate Bot reopened this Apr 19, 2025
@renovate
renovate Bot force-pushed the renovate/go-github.qkg1.top-golang-glog-vulnerability branch from 787bcb8 to 6ab4ada Compare April 19, 2025 12:47
@renovate renovate Bot changed the title Update module github.com/golang/glog to v1.2.4 [SECURITY] Update module github.com/golang/glog to v1.2.4 [SECURITY] - autoclosed Feb 3, 2026
@renovate renovate Bot closed this Feb 3, 2026
@renovate renovate Bot changed the title Update module github.com/golang/glog to v1.2.4 [SECURITY] - autoclosed Update module github.com/golang/glog to v1.2.4 [SECURITY] Feb 3, 2026
@renovate renovate Bot reopened this Feb 3, 2026
@renovate
renovate Bot force-pushed the renovate/go-github.qkg1.top-golang-glog-vulnerability branch 2 times, most recently from 6ab4ada to fc00699 Compare February 3, 2026 14:55
@renovate renovate Bot changed the title Update module github.com/golang/glog to v1.2.4 [SECURITY] Update module github.com/golang/glog to v1.2.4 [SECURITY] - autoclosed Mar 27, 2026
@renovate renovate Bot closed this Mar 27, 2026
@renovate renovate Bot changed the title Update module github.com/golang/glog to v1.2.4 [SECURITY] - autoclosed Update module github.com/golang/glog to v1.2.4 [SECURITY] Mar 30, 2026
@renovate renovate Bot reopened this Mar 30, 2026
@renovate
renovate Bot force-pushed the renovate/go-github.qkg1.top-golang-glog-vulnerability branch 2 times, most recently from fc00699 to 82c94bf Compare March 30, 2026 21:38
@renovate renovate Bot changed the title Update module github.com/golang/glog to v1.2.4 [SECURITY] Update module github.com/golang/glog to v1.2.4 [SECURITY] - autoclosed Apr 25, 2026
@renovate renovate Bot closed this Apr 25, 2026
@renovate renovate Bot changed the title Update module github.com/golang/glog to v1.2.4 [SECURITY] - autoclosed Update module github.com/golang/glog to v1.2.4 [SECURITY] Apr 25, 2026
@renovate renovate Bot reopened this Apr 25, 2026
@renovate
renovate Bot force-pushed the renovate/go-github.qkg1.top-golang-glog-vulnerability branch 2 times, most recently from 82c94bf to fb4124c Compare April 25, 2026 04:29
@renovate renovate Bot changed the title Update module github.com/golang/glog to v1.2.4 [SECURITY] Update module github.com/golang/glog to v1.2.4 [SECURITY] - autoclosed Apr 27, 2026
@renovate renovate Bot closed this Apr 27, 2026
@renovate renovate Bot changed the title Update module github.com/golang/glog to v1.2.4 [SECURITY] - autoclosed Update module github.com/golang/glog to v1.2.4 [SECURITY] Apr 27, 2026
@renovate renovate Bot reopened this Apr 27, 2026
@renovate
renovate Bot force-pushed the renovate/go-github.qkg1.top-golang-glog-vulnerability branch from fb4124c to 79b813a Compare April 27, 2026 23:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants