[OE-core] [warrior 18/19] go: fix CVE-2019-16276
Martin Jansa
martin.jansa at gmail.com
Fri Nov 1 17:12:00 UTC 2019
I've reported the same yesterday:
http://lists.openembedded.org/pipermail/openembedded-core/2019-October/288638.html
and sent upgrade to match the minor version used in warrior to the one in
zeus (which resolves the patch to apply cleanly):
http://lists.openembedded.org/pipermail/openembedded-core/2019-October/288656.html
I don't use go for anything, but go 1.11 was also updated in thud:
http://lists.openembedded.org/pipermail/openembedded-core/2019-October/287724.html
so I was assuming that this minor upgrade in 1.12 should be safe enough for
warrior as well.
Regards,
On Fri, Nov 1, 2019 at 6:40 PM Khem Raj <raj.khem at gmail.com> wrote:
> On Fri, Nov 1, 2019 at 10:33 AM Andrey Zhizhikin <andrey.z at gmail.com>
> wrote:
> >
> > Hello Armin,
> >
> > On Tue, Oct 29, 2019 at 10:50 AM Armin Kuster <akuster808 at gmail.com>
> wrote:
> > >
> > > From: Chen Qi <Qi.Chen at windriver.com>
> > >
> > > Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
> > > Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
> > > (cherry picked from commit e31f87e289dfd3bbca961e927447a9c7ba816d3f)
> > > Signed-off-by: Armin Kuster <akuster808 at gmail.com>
> > > (cherry picked from commit e02e8fa2e82cceaaa6a433466f52f97b0984762a)
> > > Signed-off-by: Armin Kuster <akuster808 at gmail.com>
> > > ---
> >
> > This patch didn't apply clean on warrior, but same patch on master
> > seems to be OK. I got a hunk in transport_test.go which has been
> > resolved by build, but since this is security-related patch I wanted
> > to bring some attention here.
> >
>
> if its failing in testcase as a last report we can drop that if that
> hunk is not backportable.
> > >
> > > --
> > > _______________________________________________
> > > Openembedded-core mailing list
> > > Openembedded-core at lists.openembedded.org
> > > http://lists.openembedded.org/mailman/listinfo/openembedded-core
> >
> > --
> > Regards,
> > Andrey.
> > --
> > _______________________________________________
> > Openembedded-core mailing list
> > Openembedded-core at lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-core
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20191101/954ac630/attachment-0001.html>
More information about the Openembedded-core
mailing list