[hardknott][PATCH 11/17] go: Exclude CVE-2021-29923 from report list

From: "Anuj Mittal" <anuj.mittal@intel.com>
To: openembedded-core@lists.openembedded.org
Subject: [hardknott][PATCH 11/17] go: Exclude CVE-2021-29923 from report list
Date: Thu, 16 Sep 2021 07:15:35 +0800	[thread overview]
Message-ID: <573337b8432677fa3a7643e74045ae7d7b331b3f.1631747352.git.anuj.mittal@intel.com> (raw)
In-Reply-To: <cover.1631747352.git.anuj.mittal@intel.com>

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Upstream don't believe it is a signifiant real world issue and will only
fix in 1.17 onwards. Therefore exclude it from our reports.

https://github.com/golang/go/issues/30999#issuecomment-910470358

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5bd5faf0c34b47b2443975d66b71482d2380a01a)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/recipes-devtools/go/go-1.16.7.inc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/meta/recipes-devtools/go/go-1.16.7.inc b/meta/recipes-devtools/go/go-1.16.7.inc
index ed2d94671b..9eca1caeeb 100644
--- a/meta/recipes-devtools/go/go-1.16.7.inc
+++ b/meta/recipes-devtools/go/go-1.16.7.inc
@@ -19,3 +19,8 @@ SRC_URI += "\
     file://0001-encoding-xml-handle-leading-trailing-or-double-colon.patch \
 "
 SRC_URI[main.sha256sum] = "1a9f2894d3d878729f7045072f30becebe243524cf2fce4e0a7b248b1e0654ac"
+
+# Upstream don't believe it is a signifiant real world issue and will only
+# fix in 1.17 onwards where we can drop this.
+# https://github.com/golang/go/issues/30999#issuecomment-910470358
+CVE_CHECK_WHITELIST += "CVE-2021-29923"
-- 
2.31.1

