)]}' { "commit": "793ad666bf5ec61392092b27061be9618e4e219b", "tree": "91d32e7299638b5b2dcdd9f5edb7a50c16cf693f", "parents": [ "6f7dac9698988af7b704298c9fd8adf58e1d30c0" ], "author": { "name": "Roland Shoemaker", "email": "roland@golang.org", "time": "Wed May 25 12:54:08 2022 -0700" }, "committer": { "name": "Roland Shoemaker", "email": "roland@golang.org", "time": "Wed May 25 23:09:36 2022 +0000" }, "message": "acme/autocert: properly clean DirCache paths\n\nDon\u0027t assume the path passed into the DirCache methods is absolute, and\nclean it before further operating on it. Put and Delete are not attacker\ncontrolled, but clean them anyway.\n\nFixes #53082\nFixes CVE-2022-30636\n\nChange-Id: I755f525a737da60ccba07ebce4d41cc8faebfcca\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/408694\nRun-TryBot: Roland Shoemaker \u003croland@golang.org\u003e\nReviewed-by: Damien Neil \u003cdneil@google.com\u003e\nTryBot-Result: Gopher Robot \u003cgobot@golang.org\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "03f63022fa42a772b342169491e0a83fbbf45887", "old_mode": 33188, "old_path": "acme/autocert/cache.go", "new_id": "3156a081f0abebf2fa850ed86cbdd161514bd0e4", "new_mode": 33188, "new_path": "acme/autocert/cache.go" } ] }