]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b0542ad) | patch
go: fix CVE-2025-47906
authorArchana Polampalli <archana.polampalli@windriver.com>
Thu, 9 Oct 2025 08:57:24 +0000 (14:27 +0530)
committerSteve Sakoman <steve@sakoman.com>
Thu, 9 Oct 2025 14:35:42 +0000 (07:35 -0700)
commitc4d81e32ee3fb7d05db2cfbfaaa8081841bc16ce
tree88dcdc29c0f6ac646d0d491604f73c583a078fd7tree | snapshot
parentb0542ad422ac1ba05dd5b8003429b8719619d892commit | diff
go: fix CVE-2025-47906

If the PATH environment variable contains paths which are executables
(rather than just directories), passing certain strings to LookPath
("", ".", and ".."), can result in the binaries listed in the PATH
being unexpectedly returned.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/go/go-1.17.13.inc diff | blob | blame | history
meta/recipes-devtools/go/go-1.21/CVE-2025-47906.patch [new file with mode: 0644] blob
Mirror of git://git.openembedded.org/openembedded-core