go: fix CVE-2022-23806 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Minjae Kim <flowergom@gmail.com>	2022-02-26 20:55:34 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-03-09 17:30:48 +0000
commit	dfd900b5b0a8834499cddbfcb196ecccd79c9003 (patch)
tree	b5d01009d0e4b0a3a5da3fea950bf6bbe04619ff /scripts/lib/scriptpath.py
parent	6bba192936c25702316589ca59403daa1bf574da (diff)
download	poky-dfd900b5b0a8834499cddbfcb196ecccd79c9003.tar.gz

go: fix CVE-2022-23806

crypto/elliptic: fix IsOnCurve for big.Int values that are not valid coordinates Some big.Int values that are not valid field elements (negative or overflowing) might cause Curve.IsOnCurve to incorrectly return true. Operating on those values may cause a panic or an invalid curve operation. Note that Unmarshal will never return such values. Upstream-Status: Backport [https://go.dev/issue/50974] CVE: CVE-2022-23806 (From OE-Core rev: eb7aa0929ecd712aeeec0ff37dfb77c3da33b375) Signed-off-by:Minjae Kim <flowergom@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/scriptpath.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: