Update golang version for telemetry build in sonic-slave-buster to fix CVE-2021-33195 (#14637)

Update golang version for telemetry build in sonic-slave-buster to fix https://security-tracker.debian.org/tracker/CVE-2021-33195, this PR will be merged into 202012 branch finally.

#### Why I did it
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. Now in 201911 and 202012 branch we're using 1.14.2

##### Work item tracking
- Microsoft ADO **(number only)**:17727291

#### How I did it
Bump golang version into 1.15.15 which contains corresponding fix.

#### How to verify it
unit test to do sanity check.
This commit is contained in:
Feng-msft 2023-04-17 14:47:42 +08:00 committed by GitHub
parent 46c0d073a5
commit 183d0f2be7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -465,7 +465,7 @@ RUN apt-get install -y kernel-wedge
{%- endif %}
# For gobgp and telemetry build
RUN export VERSION=1.14.2 \
RUN export VERSION=1.15.15 \
{%- if CONFIGURED_ARCH == "armhf" and CROSS_BUILD_ENVIRON != "y" %}
&& wget https://storage.googleapis.com/golang/go$VERSION.linux-armv6l.tar.gz \
&& tar -C /usr/local -xzf go$VERSION.linux-armv6l.tar.gz \