From patchwork Thu Sep 14 16:33:48 2023
X-Patchwork-Submitter: ssambu
X-Patchwork-Id: 30454
From: ssambu
To:
Subject: [OE-core][kirkstone][PATCH 1/1] go: Fix CVE-2023-39319
Date: Thu, 14 Sep 2023 16:33:48 +0000
Message-ID: <20230914163348.2724993-1-soumya.sambu@windriver.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/187645

From: Soumya Sambu

The html/template package does not apply the proper rules for handling occurrences of " contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.

References: https://nvd.nist.gov/vuln/detail/CVE-2023-39319
Signed-off-by: Soumya Sambu --- meta/recipes-devtools/go/go-1.17.13.inc | 3 +- .../go/go-1.20/CVE-2023-39319.patch | 254 ++++++++++++++++++ 2 files changed, 256 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-devtools/go/go-1.20/CVE-2023-39319.patch diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc index 91dd886cd0..c753a26a7e 100644 --- a/meta/recipes-devtools/go/go-1.17.13.inc +++ b/meta/recipes-devtools/go/go-1.17.13.inc @@ -1,6 +1,6 @@ require go-common.inc -FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/go-1.21:${FILE_DIRNAME}/go-1.19:${FILE_DIRNAME}/go-1.18:" +FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/go-1.21:${FILE_DIRNAME}/go-1.20:${FILE_DIRNAME}/go-1.19:${FILE_DIRNAME}/go-1.18:" LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" @@ -43,6 +43,7 @@ SRC_URI += "\ file://CVE-2023-24531_1.patch \ file://CVE-2023-24531_2.patch \ file://CVE-2023-29409.patch \ + file://CVE-2023-39319.patch \ " SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd" diff --git a/meta/recipes-devtools/go/go-1.20/CVE-2023-39319.patch b/meta/recipes-devtools/go/go-1.20/CVE-2023-39319.patch new file mode 100644 index 0000000000..1554aa975c --- /dev/null +++ b/meta/recipes-devtools/go/go-1.20/CVE-2023-39319.patch @@ -0,0 +1,254 @@ +From 2070531d2f53df88e312edace6c8dfc9686ab2f5 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Thu Aug 3 12:28:28 2023 -0700 +Subject: [PATCH] html/template: properly handle special tags within the script + context + +The HTML specification has incredibly complex rules for how to handle +"
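Review bot: In the first hunk of go-1.17.13.inc the new ${FILE_DIRNAME}/go-1.20: entry is placed after go-1.21 in FILESEXTRAPATHS:prepend, so a file of the same name in go-1.21 would be found ahead of the one added here. Please confirm that go-1.21 holds no CVE-2023-39319.patch, and say in the commit message why the fix for the 1.17.13 recipe is stored under go-1.20 rather than in one of the directories already on the search path.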
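Review bot: The header of the new go-1.20/CVE-2023-39319.patch, as far as it is visible here, carries the upstream commit hash 2070531d2f53df88e312edace6c8dfc9686ab2f5 and its author but no Upstream-Status or CVE tag; the text is cut off before the header ends, so please check that both tags follow the upstream message. Because the file is applied to the 1.17.13 sources, the header should also state whether the upstream change was taken as-is or adapted for that version.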