diff options
author | Ralph Siemsen <ralph.siemsen@linaro.org> | 2022-11-17 11:54:55 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-12-07 15:06:37 +0000 |
commit | d6dd3b49bd9c85f1e310e682775f32e860122f46 (patch) | |
tree | 37a7601d32957364ae40b5a5224d8837aa372eb9 /meta/recipes-devtools/go | |
parent | d9cfb16b8be00e62148f8fc08f953b088364ce9f (diff) | |
download | poky-d6dd3b49bd9c85f1e310e682775f32e860122f46.tar.gz |
golang: ignore CVE-2022-30580
Only affects Windows platform, as per the release announcement [1]:
"If, on Windows, Cmd.Run, cmd.Start, cmd.Output, or cmd.CombinedOutput
are executed when Cmd.Path is unset and, in the working directory, there
are binaries named either "..com" or "..exe", they will be executed."
[1] https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ
(From OE-Core rev: 54c40730bc54aa2b2c12b37decbcc99bbcafd07a)
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/go')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14.inc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 8c7df2dede..a0eaa80ed4 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc | |||
@@ -65,6 +65,7 @@ CVE_CHECK_WHITELIST += "CVE-2022-29526" | |||
65 | 65 | ||
66 | # Issue only on windows | 66 | # Issue only on windows |
67 | CVE_CHECK_WHITELIST += "CVE-2022-29804" | 67 | CVE_CHECK_WHITELIST += "CVE-2022-29804" |
68 | CVE_CHECK_WHITELIST += "CVE-2022-30580" | ||
68 | CVE_CHECK_WHITELIST += "CVE-2022-30634" | 69 | CVE_CHECK_WHITELIST += "CVE-2022-30634" |
69 | 70 | ||
70 | # Issue is in golang.org/x/net/html/parse.go, not used in go compiler | 71 | # Issue is in golang.org/x/net/html/parse.go, not used in go compiler |