]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
golang: ignore CVE-2022-30580
authorRalph Siemsen <ralph.siemsen@linaro.org>
Thu, 17 Nov 2022 16:54:55 +0000 (11:54 -0500)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 23 Nov 2022 00:26:19 +0000 (00:26 +0000)
commit54c40730bc54aa2b2c12b37decbcc99bbcafd07a
tree41670ccbd5bc02fdbc1603de3e46c1fc245cab3b
parent2329902f994b631d6b77e8bd501d5599db6d5306
golang: ignore CVE-2022-30580

Only affects Windows platform, as per the release announcement [1]:

"If, on Windows, Cmd.Run, cmd.Start, cmd.Output, or cmd.CombinedOutput
are executed when Cmd.Path is unset and, in the working directory, there
are binaries named either "..com" or "..exe", they will be executed."

[1] https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/go/go-1.14.inc