[OE-core][dunfell][PATCH] go: Security fix for CVE-2023-24538

2023-04-23 Thread Shubham Kulkarni
From: Shubham Kulkarni html/template: disallow actions in JS template literals Backport from https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b Signed-off-by: Shubham Kulkarni --- meta/recipes-devtools/go/go-1.14.inc | 2 + .../go/go-1.14/CVE-2023-24

[OE-core][kirkstone][PATCH] go: Security fix for CVE-2023-24538

2023-04-23 Thread Shubham Kulkarni
From: Shubham Kulkarni html/template: disallow actions in JS template literals Backport from https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b Signed-off-by: Shubham Kulkarni --- meta/recipes-devtools/go/go-1.17.13.inc | 1 + .../go/go-1.18/CVE-2023-24538.p

Re: [OE-core] [PATCH] make-mod-scripts: preserve libraries when rm_work is used

2023-04-23 Thread Bruce Ashfield
On Sat, Apr 22, 2023 at 9:06 AM Christoph Lauer wrote: > > On 21.04.23 at 22:28, Bruce Ashfield wrote: > > On Wed, Apr 19, 2023 at 11:03 PM Bruce Ashfield via > > lists.openembedded.org > > wrote: > >> > >> On Wed, Apr 19, 2023 at 6:54 PM Richard Purdie > >> wrote: > >>> > >>> On Wed, 2023-04-1

[OE-core] [PATCH] cve-extra-exclusions: linux-yocto: ignore fixed CVE-2023-1652 & CVE-2023-1829

2023-04-23 Thread Yoann Congal
CVE-2023-1652 & CVE-2023-1829 are fixed by all versions used by linux-yocto. Fixing commits are not referenced by NVD but are referenced by: * https://www.linuxkernelcves.com * Debian kernel-sec team ... this should be trustworthy enough. Signed-off-by: Yoann Congal --- .../distro/include/cve-e

[OE-core] OE-core CVE metrics for langdale on Sun 23 Apr 2023 03:30:01 AM HST

2023-04-23 Thread Steve Sakoman
Branch: langdale New this week: 8 CVEs CVE-2023-1393 (CVSS3: 7.8 HIGH): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1393 * CVE-2023-1579 (CVSS3: 7.8 HIGH): binutils:binutils-cross-testsuite:binutils-cross-x86_64 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-202

[OE-core] OE-core CVE metrics for kirkstone on Sun 23 Apr 2023 03:00:01 AM HST

2023-04-23 Thread Steve Sakoman
Branch: kirkstone New this week: 7 CVEs CVE-2023-1393 (CVSS3: 7.8 HIGH): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1393 * CVE-2023-1916 (CVSS3: 6.1 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1916 * CVE-2023-24534 (CVSS3: 7.5 HIGH): go ht

[OE-core] OE-core CVE metrics for dunfell on Sun 23 Apr 2023 02:30:01 AM HST

2023-04-23 Thread Steve Sakoman
Branch: dunfell New this week: 7 CVEs CVE-2023-1393 (CVSS3: 7.8 HIGH): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1393 * CVE-2023-1916 (CVSS3: 6.1 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1916 * CVE-2023-24534 (CVSS3: 7.5 HIGH): go:go-na

[OE-core] OE-core CVE metrics for master on Sun 23 Apr 2023 02:00:01 AM HST

2023-04-23 Thread Steve Sakoman
Branch: master New this week: 10 CVEs CVE-2023-1829 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1829 * CVE-2023-1916 (CVSS3: 6.1 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1916 * CVE-2023-1989 (CVSS3: 7.0 HIGH): linux-yoct

[OE-core] [langdale][PATCH] populate_sdk_base: add zip options

2023-04-23 Thread Christoph Lauer
From: Christoph Lauer Add SDK_ZIP_OPTIONS to remove symbolic link creation in zip archive or add options, e.g. for encryption of the zip archive. (From OE-Core rev: 04b62f9459b401c276255f166d0738b6f902a576) Signed-off-by: Christoph Lauer Signed-off-by: Alexandre Belloni Signed-off-by: Richar

[OE-core] [kirkstone][PATCH] populate_sdk_base: add zip options

2023-04-23 Thread Christoph Lauer
From: Christoph Lauer Add SDK_ZIP_OPTIONS to remove symbolic link creation in zip archive or add options, e.g. for encryption of the zip archive. (From OE-Core rev: 04b62f9459b401c276255f166d0738b6f902a576) Signed-off-by: Christoph Lauer Signed-off-by: Alexandre Belloni Signed-off-by: Richar

[OE-core] [dunfell][PATCH] populate_sdk_base: add zip options

2023-04-23 Thread Christoph Lauer
From: Christoph Lauer Add SDK_ZIP_OPTIONS to remove symbolic link creation in zip archive or add options, e.g. for encryption of the zip archive. (From OE-Core rev: 04b62f9459b401c276255f166d0738b6f902a576) Signed-off-by: Christoph Lauer Signed-off-by: Alexandre Belloni Signed-off-by: Richar