]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commitdiff
projects / thirdparty / openembedded / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4870543)
go: Ignore CVE-2022-1705
authorShubham Kulkarni <skulkarni@mvista.com>
Sun, 23 Apr 2023 05:55:44 +0000 (11:25 +0530)
committerSteve Sakoman <steve@sakoman.com>
Mon, 24 Apr 2023 17:36:35 +0000 (07:36 -1000)
The vulnerability was introduced in go1.15beta1 with commit d5734d4.
Dunfell uses go1.14 version which does not contain the affected code.

Ref: https://security-tracker.debian.org/tracker/CVE-2022-1705

Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/go/go-1.14.inc patch | blob | blame | history

diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index 56f4f12c37fffcccdc3573e1031610c61e6af3e2..b1d7bc155a43dbb5c1d1345586a6f45b05ef38bd 100644 (file)
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -87,3 +87,6 @@ CVE_CHECK_WHITELIST += "CVE-2022-30630"
 
 # This is specific to Microsoft Windows
 CVE_CHECK_WHITELIST += "CVE-2022-41716"
+
+# Issue introduced in go1.15beta1, does not exist in 1.14
+CVE_CHECK_WHITELIST += "CVE-2022-1705"
Mirror of git://git.openembedded.org/openembedded-core