From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 17/21] golang: ignore CVE-2022-30630
Date: Sat, 19 Nov 2022 07:47:45 -1000 [thread overview]
Message-ID: <283de0feeea4c0780e90e56edb3b15134f71638b.1668879817.git.steve@sakoman.com> (raw)
In-Reply-To: <cover.1668879817.git.steve@sakoman.com>
From: Ralph Siemsen <ralph.siemsen@linaro.org>
The CVE is in the io/fs package, which first appeared in go1.16.
Since dunfell is using go1.14, this issue does not apply.
CVE was fixed in fa2d41d0ca736f3ad6b200b2a4e134364e9acc59
Original code in b64202bc29b9c1cf0118878d1c0acc9cdb2308f6
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/go-1.14.inc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index a0eaa80ed4..cec37c1b09 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -73,3 +73,6 @@ CVE_CHECK_WHITELIST += "CVE-2021-33194"
# Issue introduced in go1.16, does not exist in 1.14
CVE_CHECK_WHITELIST += "CVE-2021-41772"
+
+# Fixes code that was added in go1.16, does not exist in 1.14
+CVE_CHECK_WHITELIST += "CVE-2022-30630"
--
2.25.1
next prev parent reply other threads:[~2022-11-19 17:48 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-19 17:47 [OE-core][dunfell 00/21] Patch review Steve Sakoman
2022-11-19 17:47 ` [OE-core][dunfell 01/21] sudo: CVE-2022-43995 heap-based overflow with very small passwords Steve Sakoman
2022-11-19 17:47 ` [OE-core][dunfell 02/21] systemd: Fix CVE-2022-3821 issue Steve Sakoman
2022-11-19 17:47 ` [OE-core][dunfell 03/21] python3: Fix CVE-2022-45061 Steve Sakoman
2022-11-19 17:47 ` [OE-core][dunfell 04/21] libtasn1: fix CVE-2021-46848 off-by-one in asn1_encode_simple_der Steve Sakoman
2022-11-19 17:47 ` [OE-core][dunfell 05/21] libxml2: Fix CVE-2022-40303 Steve Sakoman
2022-11-19 17:47 ` [OE-core][dunfell 06/21] libxml2: Fix CVE-2022-40304 Steve Sakoman
2022-11-19 17:47 ` [OE-core][dunfell 07/21] golang: fix CVE-2021-33195 Steve Sakoman
2022-11-19 17:47 ` [OE-core][dunfell 08/21] golang: fix CVE-2021-33198 Steve Sakoman
2022-11-19 17:47 ` [OE-core][dunfell 09/21] golang: fix CVE-2021-44716 Steve Sakoman
2022-11-19 17:47 ` [OE-core][dunfell 10/21] golang: fix CVE-2022-24291 Steve Sakoman
2022-11-19 17:47 ` [OE-core][dunfell 11/21] golang: fix CVE-2022-28131 Steve Sakoman
2022-11-19 17:47 ` [OE-core][dunfell 12/21] golang: fix CVE-2022-28327 Steve Sakoman
2022-11-19 17:47 ` [OE-core][dunfell 13/21] golang: ignore CVE-2022-29804 Steve Sakoman
2022-11-19 17:47 ` [OE-core][dunfell 14/21] golang: ignore CVE-2021-33194 Steve Sakoman
2022-11-19 17:47 ` [OE-core][dunfell 15/21] golang: ignore CVE-2021-41772 Steve Sakoman
2022-11-19 17:47 ` [OE-core][dunfell 16/21] golang: ignore CVE-2022-30580 Steve Sakoman
2022-11-19 17:47 ` Steve Sakoman [this message]
2022-11-19 17:47 ` [OE-core][dunfell 18/21] gcc : upgrade to v9.5 Steve Sakoman
2022-11-20 4:44 ` Ranjitsinh Rathod
2022-11-20 14:20 ` Steve Sakoman
2022-11-19 17:47 ` [OE-core][dunfell 19/21] maintainers: update gcc version to 9.5 Steve Sakoman
2022-11-19 17:47 ` [OE-core][dunfell 20/21] vim: upgrade 9.0.0614 -> 9.0.0820 Steve Sakoman
2022-11-19 17:47 ` [OE-core][dunfell 21/21] sstate: Account for reserved characters when shortening sstate filenames Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=283de0feeea4c0780e90e56edb3b15134f71638b.1668879817.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox