* [PATCH] go: Exclude CVE-2021-29923 from report list
@ 2021-09-06 14:28 Richard Purdie
0 siblings, 0 replies; only message in thread
From: Richard Purdie @ 2021-09-06 14:28 UTC (permalink / raw)
To: openembedded-core
Upstream don't believe it is a signifiant real world issue and will only
fix in 1.17 onwards. Therefore exclude it from our reports.
https://github.com/golang/go/issues/30999#issuecomment-910470358
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/recipes-devtools/go/go-1.16.7.inc | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/meta/recipes-devtools/go/go-1.16.7.inc b/meta/recipes-devtools/go/go-1.16.7.inc
index bc1cd944496..02a92687790 100644
--- a/meta/recipes-devtools/go/go-1.16.7.inc
+++ b/meta/recipes-devtools/go/go-1.16.7.inc
@@ -18,3 +18,8 @@ SRC_URI += "\
file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \
"
SRC_URI[main.sha256sum] = "1a9f2894d3d878729f7045072f30becebe243524cf2fce4e0a7b248b1e0654ac"
+
+# Upstream don't believe it is a signifiant real world issue and will only
+# fix in 1.17 onwards where we can drop this.
+# https://github.com/golang/go/issues/30999#issuecomment-910470358
+CVE_CHECK_WHITELIST += "CVE-2021-29923"
--
2.32.0
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2021-09-06 14:28 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-06 14:28 [PATCH] go: Exclude CVE-2021-29923 from report list Richard Purdie
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).