From: Ralph Siemsen <ralph.siemsen@linaro.org>
Date: Thu, 17 Nov 2022 16:54:53 +0000 (-0500)
Subject: golang: ignore CVE-2021-33194
X-Git-Tag: 2020-04.22-dunfell~54
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b8a851faef9990ccb41ded875fc79cf28abd4a4e;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

golang: ignore CVE-2021-33194

This is a bug in golang.org/x/net/html/parse.go. The golang compiler
includes a partial copy of this under src/vendor/golang.org/x/net/
however the "html" subdirectory is not included. So this bug does not
apply to the compiler itself.

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---

diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index a0278b98166..ac4c4e9973f 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -66,3 +66,6 @@ CVE_CHECK_WHITELIST += "CVE-2022-29526"
 # Issue only on windows
 CVE_CHECK_WHITELIST += "CVE-2022-29804"
 CVE_CHECK_WHITELIST += "CVE-2022-30634"
+
+# Issue is in golang.org/x/net/html/parse.go, not used in go compiler
+CVE_CHECK_WHITELIST += "CVE-2021-33194"