[dunfell,11/11] golang: ignore CVE-2022-30630

Message ID	20221117165456.1029099-11-ralph.siemsen@linaro.org
State	Accepted, archived
Commit	1e258940e9a6fabda6e7e60841082c113fdf9500
Headers	show Return-Path: <ralph.siemsen@linaro.org> ip: 209.85.219.43, mailfrom: ralph.siemsen@linaro.org) From: Ralph Siemsen <ralph.siemsen@linaro.org> To: openembedded-core@lists.openembedded.org Cc: Ralph Siemsen <ralph.siemsen@linaro.org> Subject: [dunfell][PATCH 11/11] golang: ignore CVE-2022-30630 Date: Thu, 17 Nov 2022 11:54:56 -0500 Message-Id: <20221117165456.1029099-11-ralph.siemsen@linaro.org> In-Reply-To: <20221117165456.1029099-1-ralph.siemsen@linaro.org> References: <20221117165456.1029099-1-ralph.siemsen@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[dunfell,01/11] golang: fix CVE-2021-33195 \| expand [dunfell,01/11] golang: fix CVE-2021-33195 [dunfell,02/11] golang: fix CVE-2021-33198 [dunfell,03/11] golang: fix CVE-2021-44716 [dunfell,04/11] golang: fix CVE-2022-24291 [dunfell,05/11] golang: fix CVE-2022-28131 [dunfell,06/11] golang: fix CVE-2022-28327 [dunfell,07/11] golang: ignore CVE-2022-29804 [dunfell,08/11] golang: ignore CVE-2021-33194 [dunfell,09/11] golang: ignore CVE-2021-41772 [dunfell,10/11] golang: ignore CVE-2022-30580 [dunfell,11/11] golang: ignore CVE-2022-30630

Message ID

20221117165456.1029099-11-ralph.siemsen@linaro.org

State

Accepted, archived

Commit

1e258940e9a6fabda6e7e60841082c113fdf9500

Headers

From: Ralph Siemsen <ralph.siemsen@linaro.org>
To: openembedded-core@lists.openembedded.org
Cc: Ralph Siemsen <ralph.siemsen@linaro.org>
Subject: [dunfell][PATCH 11/11] golang: ignore CVE-2022-30630
Date: Thu, 17 Nov 2022 11:54:56 -0500
Message-Id: <20221117165456.1029099-11-ralph.siemsen@linaro.org>
In-Reply-To: <20221117165456.1029099-1-ralph.siemsen@linaro.org>
References: <20221117165456.1029099-1-ralph.siemsen@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[dunfell,01/11] golang: fix CVE-2021-33195 | expand

Commit Message

Ralph Siemsen Nov. 17, 2022, 4:54 p.m. UTC

The CVE is in the io/fs package, which first appeared in go1.16.
Since dunfell is using go1.14, this issue does not apply.

CVE was fixed in fa2d41d0ca736f3ad6b200b2a4e134364e9acc59
Original code in b64202bc29b9c1cf0118878d1c0acc9cdb2308f6

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
---
 meta/recipes-devtools/go/go-1.14.inc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index 4c10104aca..2cd3c9311a 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -72,3 +72,6 @@  CVE_CHECK_WHITELIST += "CVE-2021-33194"
 
 # Issue introduced in go1.16, does not exist in 1.14
 CVE_CHECK_WHITELIST += "CVE-2021-41772"
+
+# Fixes code that was added in go1.16, does not exist in 1.14
+CVE_CHECK_WHITELIST += "CVE-2022-30630"

[dunfell,11/11] golang: ignore CVE-2022-30630

Commit Message

Patch