1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-16 03:47:03 +00:00
Commit Graph

4 Commits

Author SHA1 Message Date
Sudhir Dumbhare f3fbf45c1d go-binary-native: set status for CVE-2026-39836
This issue affects Windows only. The net.Dial and net.LookupPort
functions can panic when given input containing a NUL byte.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2026-39836
https://security-tracker.debian.org/tracker/CVE-2026-39836

(From OE-Core rev: 8aab8b31425b3820ef65fc40061b9377c574607b)

Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-26 16:55:54 +01:00
Peter Marko 3f6144ca20 go-binary-native: ignore CVE-2025-0913
This was already done for all other go recipes.

(From OE-Core rev: 63dfdbf774dc24ea4e736a6d13d6aa8c72ebee4d)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-09-01 08:30:56 -07:00
Peter Marko e8a99c83b3 go: set status of CVE-2024-3566
NVD ([1]) tracks this as:
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
Running on/with
  cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Yocto cve-check ignores the "Running on/with", so it needs to be ignored
explicitly.

[1] https://nvd.nist.gov/vuln/detail/CVE-2024-3566

(From OE-Core rev: b8841097eaf7545abf56eb52a122e113b54ba2a7)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-25 08:35:09 -07:00
Peter Marko ccb6625fee go: upgrade 1.22.11 -> 1.22.12
Upgrade to latest 1.22.x release [1]:

$ git --no-pager log --oneline go1.22.11..go1.22.12
5817e65094 (tag: go1.22.12) [release-branch.go1.22] go1.22.12
0cc45e7ca6 [release-branch.go1.22] crypto/internal/fips140/nistec: make p256NegCond constant time on ppc64le
c3c6a50095 [release-branch.go1.22] cmd/go/internal/modfetch: do not trust server to send all tags in shallow fetch
e0a01acd04 [release-branch.go1.22] cmd/compile: fix write barrier coalescing

Fixes CVE-2025-22866

[1] https://github.com/golang/go/compare/go1.22.11...go1.22.12

(From OE-Core rev: 423ad5a67768738dac454b1e2aa27746f74511c5)

(From OE-Core rev: 9862cb44ad0f85eebbd9c7f6bcbf22df9cc10d0f)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-02-14 06:38:54 -08:00