Updated golang packages has been released for Debian GNU/Linux 7 LTS
Package : golang
Version : 2:1.0.2-1.1+deb7u3
CVE ID : CVE-2018-7187
It was discovered that there was an arbitrary command execution
vulnerability in the Go programming language.
The "go get" implementation did not correctly validate "import path"
statements for "://" which allowed remote attackers to execute arbitrary
OS commands via a crafted web site.
For Debian 7 "Wheezy", this issue has been fixed in golang version
2:1.0.2-1.1+deb7u3.
We recommend that you upgrade your golang packages. The Debian LTS team
would like to thank Abhijith PA for preparing this update.