git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit

author	Praveen Kumar <praveen.kumar@windriver.com>
	Tue, 26 Aug 2025 03:57:43 +0000 (09:27 +0530)
committer	Steve Sakoman <steve@sakoman.com>
	Tue, 26 Aug 2025 20:08:52 +0000 (13:08 -0700)
commit	22d8ac9884208b8f9b2a69ec6a257c62e1f2f8d2
tree	fa9e4c86c2d19368b8329e3dbb0790f98dd42c40	tree \| snapshot
parent	c9a15206bae7f1e85dc3b8812eabb936a7e6d383	commit \| diff

go: fix CVE-2025-47907

Cancelling a query (e.g. by cancelling the context passed to one of
the query methods) during a call to the Scan method of the returned
Rows can result in unexpected results if other queries are being made
in parallel. This can result in a race condition that may overwrite
the expected results with those of another query, causing the call to
Scan to return either unexpected results from the other query or an
error.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-47907

Upstream-patch:
https://github.com/golang/go/commit/8a924caaf348fdc366bab906424616b2974ad4e9

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-devtools/go/go-1.22.12.inc		diff \| blob \| blame \| history
meta/recipes-devtools/go/go/CVE-2025-47907-pre.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/go/go/CVE-2025-47907.patch	[new file with mode: 0644]	blob