From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 6/8] go: ignore CVE-2022-41716
Date: Sat, 22 Apr 2023 05:54:38 -1000 [thread overview]
Message-ID: <ae8167754ff1c02f2d92af03de804754ea77a3e5.1682178752.git.steve@sakoman.com> (raw)
In-Reply-To: <cover.1682178752.git.steve@sakoman.com>
From: Peter Marko <peter.marko@siemens.com>
This CVE is specific to Microsoft Windows, ignore it.
Patch fixing it (https://go-review.googlesource.com/c/go/+/446916)
also adds a redundant check to generic os/exec which
could be backported but it should not be necessary as
backport always takes a small risk to break old code.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/go-1.17.13.inc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc
index 15d19ed124..34d58aec2f 100644
--- a/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -34,3 +34,6 @@ SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784
# fix in 1.17 onwards where we can drop this.
# https://github.com/golang/go/issues/30999#issuecomment-910470358
CVE_CHECK_IGNORE += "CVE-2021-29923"
+
+# This is specific to Microsoft Windows
+CVE_CHECK_IGNORE += "CVE-2022-41716"
--
2.34.1
next prev parent reply other threads:[~2023-04-22 15:55 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-22 15:54 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
2023-04-22 15:54 ` [OE-core][kirkstone 1/8] ruby: CVE-2023-28756 ReDoS vulnerability in Time Steve Sakoman
2023-04-22 15:54 ` [OE-core][kirkstone 2/8] curl: Security fix for CVE-2023-27535, CVE-2023-27536, CVE-2023-27538 Steve Sakoman
2023-04-22 15:54 ` [OE-core][kirkstone 3/8] cargo : non vulnerable cve-2022-46176 added to excluded list Steve Sakoman
2023-04-22 15:54 ` [OE-core][kirkstone 4/8] go-runtime: Security fix for CVE-2022-41722 Steve Sakoman
2023-04-22 15:54 ` [OE-core][kirkstone 5/8] shadow: backport patch to fix CVE-2023-29383 Steve Sakoman
2023-04-22 15:54 ` Steve Sakoman [this message]
2023-04-22 15:54 ` [OE-core][kirkstone 7/8] screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs Steve Sakoman
2023-04-22 15:54 ` [OE-core][kirkstone 8/8] go: fix CVE-2023-24537 Infinite loop in parsing Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ae8167754ff1c02f2d92af03de804754ea77a3e5.1682178752.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox