golang: ignore CVE-2021-41772 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Ralph Siemsen <ralph.siemsen@linaro.org>	2022-11-17 11:54:54 -0500
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-12-07 15:06:37 +0000
commit	d9cfb16b8be00e62148f8fc08f953b088364ce9f (patch)
tree	5354ae725bd1bd691825db69620ea9426e42ca5f /scripts/lib/devtool/sdk.py
parent	122b22b36622ac416da64425bbf25df9625c84db (diff)
download	poky-d9cfb16b8be00e62148f8fc08f953b088364ce9f.tar.gz

golang: ignore CVE-2021-41772

Dunfell uses golang 1.14 which does not contain the affected code (it was introduced in golang 1.16). From the golang announcement [1] "Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can be made to panic by an attacker providing either a crafted ZIP archive containing completely invalid names or an empty filename argument. [1] https://groups.google.com/g/golang-announce/c/0fM21h43arc (From OE-Core rev: 2329902f994b631d6b77e8bd501d5599db6d5306) Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/devtool/sdk.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: