go: Fix CVE-2024-24789 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2024-08-01 04:55:33 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-08-08 09:03:45 -0700
commit	7506cbff40f07ae937758a5fbf872ce751e8c3ba (patch)
tree	9a497832d1eb2fba464839140bfa2e38e6360771 /meta/recipes-kernel
parent	ae4a66db4bd23f3b6ee71ff27986a6a3d2b84f66 (diff)
download	poky-7506cbff40f07ae937758a5fbf872ce751e8c3ba.tar.gz

go: Fix CVE-2024-24789

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. References: https://nvd.nist.gov/vuln/detail/CVE-2024-24789 Upstream-patch: https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc (From OE-Core rev: f198fdc392c6e3b99431383ab6577749e83f1cb3) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta/recipes-kernel')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: