From ba02690b08550e1d402f7aa78ff798e590d055b4 Mon Sep 17 00:00:00 2001
From: naveen <172697+naveensrinivasan@users.noreply.github.com>
Date: Fri, 1 Oct 2021 14:14:18 +0000
Subject: [PATCH] mod: Upgrade to fix CVE-2021-3538 Fix the satori/go.uuid reference to avoid the CVE. More information https://github.com/jackc/pgx/issues/1052 https://github.com/satori/go.uuid/pull/75 https://github.com/satori/go.uuid/issues/73
---
 docs/release-notes/release-notes-0.14.0.md | 2 ++
 kvdb/go.mod | 4 ++++
 kvdb/go.sum | 2 +-
 3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/docs/release-notes/release-notes-0.14.0.md b/docs/release-notes/release-notes-0.14.0.md
index 165032e620..74fef52d8b 100644
--- a/docs/release-notes/release-notes-0.14.0.md
+++ b/docs/release-notes/release-notes-0.14.0.md
@@ -295,6 +295,8 @@ you.
 
 * [Replace reference to XZ library with CVE](https://github.com/lightningnetwork/lnd/pull/5789)
 
+* [Replace reference to go.uuid library with CVE](https://github.com/lightningnetwork/lnd/pull/5814)
+
 * [Fixed restore backup file test flake with bitcoind](https://github.com/lightningnetwork/lnd/pull/5637).
 
 * [Timing fix in AMP itest](https://github.com/lightningnetwork/lnd/pull/5725).
diff --git a/kvdb/go.mod b/kvdb/go.mod
index 1599175ba4..b054cbf3c3 100644
--- a/kvdb/go.mod
+++ b/kvdb/go.mod
@@ -35,4 +35,8 @@ replace github.com/ulikunitz/xz => github.com/ulikunitz/xz v0.5.8
 // https://deps.dev/advisory/OSV/GO-2021-0053?from=%2Fgo%2Fgithub.com%252Fgogo%252Fprotobuf%2Fv1.3.1
 replace github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2
 
+// This replace is for
+// https://nvd.nist.gov/vuln/detail/CVE-2021-3538
+replace github.com/satori/go.uuid => github.com/satori/go.uuid v1.2.1-0.20181016170032-d91630c85102
+
 go 1.15
diff --git a/kvdb/go.sum b/kvdb/go.sum
index 2573f71649..9fe19dbd02 100644
--- a/kvdb/go.sum
+++ b/kvdb/go.sum
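Review bot: In the kvdb/go.mod hunk, the added `replace github.com/satori/go.uuid => …` directive is honoured only when kvdb is the main module of the build; Go ignores `replace` lines in the go.mod of a dependency. The diffstat touches only kvdb/go.mod and kvdb/go.sum, so any module that imports kvdb (presumably including the repository's root module, which is not visible here) still resolves go.uuid from its own module graph unless it carries the same replace. Running `go list -m github.com/satori/go.uuid` from each module that is actually built would confirm which version ends up selected. The comment could also state the scope and the exit condition, for example `// Pins an untagged go.uuid commit for CVE-2021-3538; replace is main-module only, mirror it in every go.mod that imports kvdb and drop it once a tagged release is selected.`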
@@ -361,7 +361,7 @@ github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OK
 github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
-github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+github.com/satori/go.uuid v1.2.1-0.20181016170032-d91630c85102/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
 github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ=