| Message ID | 20231204033603.1720931-1-soumya.sambu@windriver.com |
|---|---|
| State | New |
| Headers | show |
| Series | [1/1] go: ignore CVE-2023-45283 and CVE-2023-45284 | expand |
On Mon, 2023-12-04 at 03:36 +0000, Soumya via lists.openembedded.org wrote: > From: Soumya Sambu <soumya.sambu@windriver.com> > > These CVEs affect path handling on Windows. > > References: > https://nvd.nist.gov/vuln/detail/CVE-2023-45283 > https://nvd.nist.gov/vuln/detail/CVE-2023-45284 > https://security-tracker.debian.org/tracker/CVE-2023-45283 > https://security-tracker.debian.org/tracker/CVE-2023-45284 > > Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> > --- > meta/recipes-devtools/go/go-1.20.10.inc | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/meta/recipes-devtools/go/go-1.20.10.inc b/meta/recipes-devtools/go/go-1.20.10.inc > index 39509ed986..b240da3f86 100644 > --- a/meta/recipes-devtools/go/go-1.20.10.inc > +++ b/meta/recipes-devtools/go/go-1.20.10.inc > @@ -16,3 +16,6 @@ SRC_URI += "\ > file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \ > " > SRC_URI[main.sha256sum] = "72d2f51805c47150066c103754c75fddb2c19d48c9219fa33d1e46696c841dbb" > + > +# Microsoft Windows specific CVEs > +CVE_CHECK_IGNORE += "CVE-2023-45283 CVE-2023-45284" This should be using CVE_STATUS instead for master. Cheers, Richard
diff --git a/meta/recipes-devtools/go/go-1.20.10.inc b/meta/recipes-devtools/go/go-1.20.10.inc index 39509ed986..b240da3f86 100644 --- a/meta/recipes-devtools/go/go-1.20.10.inc +++ b/meta/recipes-devtools/go/go-1.20.10.inc @@ -16,3 +16,6 @@ SRC_URI += "\ file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \ " SRC_URI[main.sha256sum] = "72d2f51805c47150066c103754c75fddb2c19d48c9219fa33d1e46696c841dbb" + +# Microsoft Windows specific CVEs +CVE_CHECK_IGNORE += "CVE-2023-45283 CVE-2023-45284"