[1/1] go: ignore CVE-2023-45283 and CVE-2023-45284

Message ID	20231204033603.1720931-1-soumya.sambu@windriver.com
State	New
Headers	show Return-Path: <soumya.sambu@windriver.com> ip: 205.220.166.238, mailfrom: prvs=0702e6dcf2=soumya.sambu@windriver.com) From: ssambu <soumya.sambu@windriver.com> To: <openembedded-core@lists.openembedded.org> Subject: [OE-core][PATCH 1/1] go: ignore CVE-2023-45283 and CVE-2023-45284 Date: Mon, 4 Dec 2023 03:36:03 +0000 Message-ID: <20231204033603.1720931-1-soumya.sambu@windriver.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	[1/1] go: ignore CVE-2023-45283 and CVE-2023-45284 \| expand [1/1] go: ignore CVE-2023-45283 and CVE-2023-45284

Message ID

20231204033603.1720931-1-soumya.sambu@windriver.com

State

New

Headers

From: ssambu <soumya.sambu@windriver.com>
To: <openembedded-core@lists.openembedded.org>
Subject: [OE-core][PATCH 1/1] go: ignore CVE-2023-45283 and CVE-2023-45284
Date: Mon, 4 Dec 2023 03:36:03 +0000
Message-ID: <20231204033603.1720931-1-soumya.sambu@windriver.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain

Series

[1/1] go: ignore CVE-2023-45283 and CVE-2023-45284 | expand

Commit Message

ssambu Dec. 4, 2023, 3:36 a.m. UTC

From: Soumya Sambu <soumya.sambu@windriver.com>

These CVEs affect path handling on Windows.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45283
https://nvd.nist.gov/vuln/detail/CVE-2023-45284
https://security-tracker.debian.org/tracker/CVE-2023-45283
https://security-tracker.debian.org/tracker/CVE-2023-45284

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
---
 meta/recipes-devtools/go/go-1.20.10.inc | 3 +++
 1 file changed, 3 insertions(+)

Comments

Richard Purdie Dec. 6, 2023, 10:51 p.m. UTC | #1

On Mon, 2023-12-04 at 03:36 +0000, Soumya via lists.openembedded.org
wrote:
> From: Soumya Sambu <soumya.sambu@windriver.com>
> 
> These CVEs affect path handling on Windows.
> 
> References:
> https://nvd.nist.gov/vuln/detail/CVE-2023-45283
> https://nvd.nist.gov/vuln/detail/CVE-2023-45284
> https://security-tracker.debian.org/tracker/CVE-2023-45283
> https://security-tracker.debian.org/tracker/CVE-2023-45284
> 
> Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
> ---
>  meta/recipes-devtools/go/go-1.20.10.inc | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/meta/recipes-devtools/go/go-1.20.10.inc b/meta/recipes-devtools/go/go-1.20.10.inc
> index 39509ed986..b240da3f86 100644
> --- a/meta/recipes-devtools/go/go-1.20.10.inc
> +++ b/meta/recipes-devtools/go/go-1.20.10.inc
> @@ -16,3 +16,6 @@ SRC_URI += "\
>      file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \
>  "
>  SRC_URI[main.sha256sum] = "72d2f51805c47150066c103754c75fddb2c19d48c9219fa33d1e46696c841dbb"
> +
> +# Microsoft Windows specific CVEs
> +CVE_CHECK_IGNORE += "CVE-2023-45283 CVE-2023-45284"

This should be using CVE_STATUS instead for master.

Cheers,

Richard

diff --git a/meta/recipes-devtools/go/go-1.20.10.inc b/meta/recipes-devtools/go/go-1.20.10.inc
index 39509ed986..b240da3f86 100644
--- a/meta/recipes-devtools/go/go-1.20.10.inc
+++ b/meta/recipes-devtools/go/go-1.20.10.inc
@@ -16,3 +16,6 @@  SRC_URI += "\
     file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \
 "
 SRC_URI[main.sha256sum] = "72d2f51805c47150066c103754c75fddb2c19d48c9219fa33d1e46696c841dbb"
+
+# Microsoft Windows specific CVEs
+CVE_CHECK_IGNORE += "CVE-2023-45283 CVE-2023-45284"

[1/1] go: ignore CVE-2023-45283 and CVE-2023-45284

Commit Message

Comments

Patch