Message ID | 20221117165456.1029099-7-ralph.siemsen@linaro.org |
---|---|
State | Accepted, archived |
Commit | bca720eca95929752436b56aa01e7fddfa1c834f |
Headers | show |
Series | [dunfell,01/11] golang: fix CVE-2021-33195 | expand |
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 467ba13b72..a76e5ab70c 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -63,4 +63,5 @@ CVE_CHECK_WHITELIST += "CVE-2021-29923" CVE_CHECK_WHITELIST += "CVE-2022-29526" # Issue only on windows +CVE_CHECK_WHITELIST += "CVE-2022-29804" CVE_CHECK_WHITELIST += "CVE-2022-30634"
The issue only affects Windows per the golang announcement [1]: On Windows, the filepath.Clean function could convert an invalid path to a valid, absolute path. For example, Clean(`.\c:`) returned `c:`. [1] https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> --- meta/recipes-devtools/go/go-1.14.inc | 1 + 1 file changed, 1 insertion(+)