| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Source: golang.org
MR: 111958, 112390, 112393
Type: Security Fix
Disposition: Backport from https://github.com/golang/go.git
ChangeID: 662d021814f025b3d768a04864498486f94819a7
Description:
Affects < 1.16.5
Fixes:
CVE-2021-33196
CVE-2021-33197
CVE-2021-34558
(From OE-Core rev: 1eaac89b0384cc39ea489a3b7ea58eab6b23240b)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream don't believe it is a signifiant real world issue and will only
fix in 1.17 onwards. Therefore exclude it from our reports.
https://github.com/golang/go/issues/30999#issuecomment-910470358
(From OE-Core rev: 9dfc6abbb83f8792fbfa1acb9c0fe4ab23872d8f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5bd5faf0c34b47b2443975d66b71482d2380a01a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
updates include fixes for
CVE-2021-3114
CVE-2021-3115
(From OE-Core rev: ff2622311eebfeb2927217cd887040d5a0b32e76)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
update minor version to 1.14.12
go1.14.8 includes security fixes to the net/http/cgi and net/http/fcgi packages.
go1.14.9 includes fixes to the compiler, linker, runtime, documentation, and the net/http and testing packages.
go1.14.10 includes fixes to the compiler, runtime, and the plugin and testing packages.
go1.14.11 includes fixes to the runtime, and the net/http and time packages.
go1.14.12 includes security fixes to the cmd/go and math/big packages.
Release notes:
https://golang.org/doc/devel/release.html#go1.14.minor
updates include fix for
CVE-2020-24553
CVE-2020-28362
CVE-2020-28366
CVE-2020-28367
Also backport patch to fix below CGO_LDFLAGS error
| Building std for target, linux/amd64.
| go build runtime/cgo: invalid flag in go:cgo_ldflag: -Wl,-O1
(From OE-Core rev: e216b2223cbe8c459348262f98b3cfbe79d12023)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE_CHECK_WHITELIST += "CVE-2020-16845"
(From OE-Core rev: 787c7a2b355a06bc5d6d6fa30ccc37111c78ee00)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91580c9d335e0fbee95f94be6f9b34298d3e9a48)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Includes security Fixes for CVE-2020-14039 and CVE-2020-15586
(cherry picked from commit 97d5c2d1f2dffe2518f46bbe57cb9348eb59c633)
(cherry picked from commit 6591d269792fe864d7af4e379035f1cebc4510f5)
(cherry picked from commit c9011d04eb624aeabf5d707e88de80137bcc2eb1)
(From OE-Core rev: e33d2ddaa6c8945227a5bbf4e96d63606d0fab38)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 7f79e3cb56774ac41423db41e634a74d522c8548)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 3daa9684e458b9c926e1a07acd9b1c0fe8bd2e86)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|