]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c008c56) | patch
go: Security Fix for CVE-2022-2879
authorSunil Kumar <sukumar@mvista.com>
Thu, 10 Nov 2022 12:00:59 +0000 (17:30 +0530)
committerSteve Sakoman <steve@sakoman.com>
Thu, 10 Nov 2022 16:18:49 +0000 (06:18 -1000)
commita8e2f91edfe2df5204a482c4e53fbdd08f80e878
tree44235a86c274f6fc8cd5dc34cc840d321d66dc1atree
parentc008c56e9b03f0ce3eccf4c01799ae8e987e5cd5commit | diff
go: Security Fix for CVE-2022-2879

archive/tar: limit size of headers

Set a 1MiB limit on special file blocks (PAX headers, GNU long names,
GNU link names), to avoid reading arbitrarily large amounts of data
into memory.

Link: https://github.com/golang/go/commit/0a723816cd2
Signed-off-by: Sunil Kumar <sukumar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/go/go-1.14.inc diff | blob | blame | history
meta/recipes-devtools/go/go-1.14/CVE-2022-2879.patch [new file with mode: 0644] blob
Mirror of git://git.openembedded.org/openembedded-core