Message ID | 20231208104215.1425474-1-soumya.sambu@windriver.com |
---|---|
State | New |
Headers | show |
Series | [v2,1/1] go: ignore CVE-2023-45283 and CVE-2023-45284 | expand |
Hello, We had go upgrades in between, can you rebase (and check if this is still needed)? On 08/12/2023 10:42:15+0000, Soumya via lists.openembedded.org wrote: > From: Soumya Sambu <soumya.sambu@windriver.com> > > These CVEs affect path handling on Windows. > > References: > https://nvd.nist.gov/vuln/detail/CVE-2023-45283 > https://nvd.nist.gov/vuln/detail/CVE-2023-45284 > > Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> > --- > meta/recipes-devtools/go/go-1.20.10.inc | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/meta/recipes-devtools/go/go-1.20.10.inc b/meta/recipes-devtools/go/go-1.20.10.inc > index 39509ed986..0c0a736084 100644 > --- a/meta/recipes-devtools/go/go-1.20.10.inc > +++ b/meta/recipes-devtools/go/go-1.20.10.inc > @@ -16,3 +16,6 @@ SRC_URI += "\ > file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \ > " > SRC_URI[main.sha256sum] = "72d2f51805c47150066c103754c75fddb2c19d48c9219fa33d1e46696c841dbb" > + > +CVE_STATUS[CVE-2023-45283] = "not-applicable-platform: Issue only applies on Windows" > +CVE_STATUS[CVE-2023-45284] = "not-applicable-platform: Issue only applies on Windows" > -- > 2.40.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#192038): https://lists.openembedded.org/g/openembedded-core/message/192038 > Mute This Topic: https://lists.openembedded.org/mt/103052741/3617179 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alexandre.belloni@bootlin.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Hi Alexandre, I see that current go version is 1.20.12 which is not vulnerable to these CVEs. Kindly ignore this patch. Regards, Soumya
diff --git a/meta/recipes-devtools/go/go-1.20.10.inc b/meta/recipes-devtools/go/go-1.20.10.inc index 39509ed986..0c0a736084 100644 --- a/meta/recipes-devtools/go/go-1.20.10.inc +++ b/meta/recipes-devtools/go/go-1.20.10.inc @@ -16,3 +16,6 @@ SRC_URI += "\ file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \ " SRC_URI[main.sha256sum] = "72d2f51805c47150066c103754c75fddb2c19d48c9219fa33d1e46696c841dbb" + +CVE_STATUS[CVE-2023-45283] = "not-applicable-platform: Issue only applies on Windows" +CVE_STATUS[CVE-2023-45284] = "not-applicable-platform: Issue only applies on Windows"