| Message ID | 20221117165456.1029099-8-ralph.siemsen@linaro.org |
|---|---|
| State | Accepted, archived |
| Commit | b8a851faef9990ccb41ded875fc79cf28abd4a4e |
| Headers | show |
| Series | [dunfell,01/11] golang: fix CVE-2021-33195 | expand |
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index a76e5ab70c..9fd46356e9 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -65,3 +65,6 @@ CVE_CHECK_WHITELIST += "CVE-2022-29526" # Issue only on windows CVE_CHECK_WHITELIST += "CVE-2022-29804" CVE_CHECK_WHITELIST += "CVE-2022-30634" + +# Issue is in golang.org/x/net/html/parse.go, not used in go compiler +CVE_CHECK_WHITELIST += "CVE-2021-33194"
This is a bug in golang.org/x/net/html/parse.go. The golang compiler includes a partial copy of this under src/vendor/golang.org/x/net/ however the "html" subdirectory is not included. So this bug does not apply to the compiler itself. Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> --- meta/recipes-devtools/go/go-1.14.inc | 3 +++ 1 file changed, 3 insertions(+)