Hi Steve, Is there any issue with this patch? It's not included in the patch review list email.
Thanks, Shubham On Fri, 21 Apr, 2023, 4:54 pm Shubham Kulkarni, <skulka...@mvista.com> wrote: > From: Shubham Kulkarni <skulka...@mvista.com> > > The vulnerability was introduced in go1.15beta1 with commit d5734d4. > Dunfell uses go1.14 version which does not contain the affected code. > > Ref: https://security-tracker.debian.org/tracker/CVE-2022-1705 > > Signed-off-by: Shubham Kulkarni <skulka...@mvista.com> > --- > meta/recipes-devtools/go/go-1.14.inc | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/meta/recipes-devtools/go/go-1.14.inc > b/meta/recipes-devtools/go/go-1.14.inc > index 8df9d62612..961e233fe6 100644 > --- a/meta/recipes-devtools/go/go-1.14.inc > +++ b/meta/recipes-devtools/go/go-1.14.inc > @@ -85,3 +85,6 @@ CVE_CHECK_WHITELIST += "CVE-2022-30630" > > # This is specific to Microsoft Windows > CVE_CHECK_WHITELIST += "CVE-2022-41716" > + > +# Issue introduced in go1.15beta1, does not exist in 1.14 > +CVE_CHECK_WHITELIST += "CVE-2022-1705" > -- > 2.40.0 > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#180323): https://lists.openembedded.org/g/openembedded-core/message/180323 Mute This Topic: https://lists.openembedded.org/mt/98436310/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
