diff mbox series

[meta-lts-mixins,kirkstone/go] go: set status of CVE-2024-3566

Message ID 20250619213154.16580-1-peter.marko@siemens.com
State New
Headers show
Series [meta-lts-mixins,kirkstone/go] go: set status of CVE-2024-3566 | expand

Commit Message

Peter Marko June 19, 2025, 9:31 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

NVD ([1]) tracks this as:
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
Running on/with
  cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Yocto cve-check ignores the "Running on/with", so it needs to be ignored
explicitly.

[1] https://nvd.nist.gov/vuln/detail/CVE-2024-3566

(From OE-Core rev: c8ce6710d864d237fdf67d2c3d3aa0f0970a2a05)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Switched CVE_SDTATUS to CVE_CHECK_IGNORE syntax.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 recipes-devtools/go/go-binary-native_1.24.4.bb | 3 +++
 recipes-devtools/go/go-common.inc              | 3 +++
 2 files changed, 6 insertions(+)

Comments

Jose Quaresma June 20, 2025, 9:40 a.m. UTC | #1 
Peter Marko via lists.yoctoproject.org <peter.marko=
siemens.com@lists.yoctoproject.org> escreveu (quinta, 19/06/2025 à(s)
22:32):

> From: Peter Marko <peter.marko@siemens.com>
>
> NVD ([1]) tracks this as:
> cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
> Running on/with
>   cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
>
> Yocto cve-check ignores the "Running on/with", so it needs to be ignored
> explicitly.
>
> [1] https://nvd.nist.gov/vuln/detail/CVE-2024-3566
>
> (From OE-Core rev: c8ce6710d864d237fdf67d2c3d3aa0f0970a2a05)
>
> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
>
> Switched CVE_SDTATUS to CVE_CHECK_IGNORE syntax.
>
> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> ---
>  recipes-devtools/go/go-binary-native_1.24.4.bb | 3 +++
>  recipes-devtools/go/go-common.inc              | 3 +++
>  2 files changed, 6 insertions(+)
>
> diff --git a/recipes-devtools/go/go-binary-native_1.24.4.bb
> b/recipes-devtools/go/go-binary-native_1.24.4.bb
> index 9f78853..d1f8fc6 100644
> --- a/recipes-devtools/go/go-binary-native_1.24.4.bb
> +++ b/recipes-devtools/go/go-binary-native_1.24.4.bb
> @@ -18,6 +18,9 @@ UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
>
>  CVE_PRODUCT = "golang:go"
>
> +# not-applicable-platform: Issue only applies on Windows
> +CVE_CHECK_IGNORE += "CVE-2024-3566"
> +
>  S = "${WORKDIR}/go"
>
>  inherit goarch native
> diff --git a/recipes-devtools/go/go-common.inc
> b/recipes-devtools/go/go-common.inc
> index ca8469d..e90aab8 100644
> --- a/recipes-devtools/go/go-common.inc
> +++ b/recipes-devtools/go/go-common.inc
> @@ -22,6 +22,9 @@ UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.src\.tar"
>  # all recipe variants are created from the same product
>  CVE_PRODUCT = "golang:go"
>
> +# not-applicable-platform: Issue only applies on Windows
> +CVE_CHECK_IGNORE += "CVE-2024-3566"
> +
>  INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
>  SSTATE_SCAN_CMD = "true"
>
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#1664):
> https://lists.yoctoproject.org/g/yocto-patches/message/1664
> Mute This Topic: https://lists.yoctoproject.org/mt/113733474/5052612
> Group Owner: yocto-patches+owner@lists.yoctoproject.org
> Unsubscribe:
> https://lists.yoctoproject.org/g/yocto-patches/leave/13170708/5052612/1504338242/xyzzy
> [quaresma.jose@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>
>
Thanks, applied
diff mbox series

Patch

diff --git a/recipes-devtools/go/go-binary-native_1.24.4.bb b/recipes-devtools/go/go-binary-native_1.24.4.bb
index 9f78853..d1f8fc6 100644
--- a/recipes-devtools/go/go-binary-native_1.24.4.bb
+++ b/recipes-devtools/go/go-binary-native_1.24.4.bb
@@ -18,6 +18,9 @@  UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
 
 CVE_PRODUCT = "golang:go"
 
+# not-applicable-platform: Issue only applies on Windows
+CVE_CHECK_IGNORE += "CVE-2024-3566"
+
 S = "${WORKDIR}/go"
 
 inherit goarch native
diff --git a/recipes-devtools/go/go-common.inc b/recipes-devtools/go/go-common.inc
index ca8469d..e90aab8 100644
--- a/recipes-devtools/go/go-common.inc
+++ b/recipes-devtools/go/go-common.inc
@@ -22,6 +22,9 @@  UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.src\.tar"
 # all recipe variants are created from the same product
 CVE_PRODUCT = "golang:go"
 
+# not-applicable-platform: Issue only applies on Windows
+CVE_CHECK_IGNORE += "CVE-2024-3566"
+
 INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
 SSTATE_SCAN_CMD = "true"