| Message ID | 20230921152611.400230-1-sakib.sajal@windriver.com |
|---|---|
| State | New |
| Headers | show |
| Series | go: ignore CVE-2023-24532 | expand |
diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc index 91dd886cd0..480e6caa2c 100644 --- a/meta/recipes-devtools/go/go-1.17.13.inc +++ b/meta/recipes-devtools/go/go-1.17.13.inc @@ -53,3 +53,10 @@ CVE_CHECK_IGNORE += "CVE-2021-29923" # This is specific to Microsoft Windows CVE_CHECK_IGNORE += "CVE-2022-41716" + +# Fix introduces new data structures defined in newer version of go. +# Also, from go maintainer, "it only affects niche configurations, +# namely very specific direct uses of crypto/elliptic. We found +# no real world protocol that could be attacked due to this." +# https://github.com/golang/go/issues/58647 +CVE_CHECK_IGNORE += "CVE-2023-24532"
Fix for the CVE introduces new data structures which are defined in newer versions of go. Also, from upstream maintainer, "...it only affects niche configurations, namely very specific direct uses of crypto/elliptic. We found no real world protocol that could be attacked due to this." Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> --- meta/recipes-devtools/go/go-1.17.13.inc | 7 +++++++ 1 file changed, 7 insertions(+)