]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
go: Security Fix for CVE-2022-2879
authorSunil Kumar <sukumar@mvista.com>
Thu, 10 Nov 2022 12:00:59 +0000 (17:30 +0530)
committerSteve Sakoman <steve@sakoman.com>
Thu, 10 Nov 2022 16:18:49 +0000 (06:18 -1000)
commita8e2f91edfe2df5204a482c4e53fbdd08f80e878
tree44235a86c274f6fc8cd5dc34cc840d321d66dc1a
parentc008c56e9b03f0ce3eccf4c01799ae8e987e5cd5
go: Security Fix for CVE-2022-2879

archive/tar: limit size of headers

Set a 1MiB limit on special file blocks (PAX headers, GNU long names,
GNU link names), to avoid reading arbitrarily large amounts of data
into memory.

Link: https://github.com/golang/go/commit/0a723816cd2
Signed-off-by: Sunil Kumar <sukumar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/go/go-1.14.inc
meta/recipes-devtools/go/go-1.14/CVE-2022-2879.patch [new file with mode: 0644]