]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commitdiff
golang: ignore CVE-2022-29804
authorRalph Siemsen <ralph.siemsen@linaro.org>
Thu, 17 Nov 2022 16:54:52 +0000 (11:54 -0500)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 23 Nov 2022 00:26:19 +0000 (00:26 +0000)
The issue only affects Windows per the golang announcement [1]:

On Windows, the filepath.Clean function could convert an invalid path to
a valid, absolute path. For example, Clean(`.\c:`) returned `c:`.

[1] https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/go/go-1.14.inc

index 6e596f4141320ffe455edb4f00758844a5fc179b..a0278b981664aa14b6405db2135b3173658dcef5 100644 (file)
@@ -64,4 +64,5 @@ CVE_CHECK_WHITELIST += "CVE-2021-29923"
 CVE_CHECK_WHITELIST += "CVE-2022-29526"
 
 # Issue only on windows
+CVE_CHECK_WHITELIST += "CVE-2022-29804"
 CVE_CHECK_WHITELIST += "CVE-2022-30634"