golang: ignore CVE-2021-33194

This is a bug in golang.org/x/net/html/parse.go. The golang compiler includes a partial copy of this under src/vendor/golang.org/x/net/ however the "html" subdirectory is not included. So this bug does not apply to the compiler itself. Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Ralph Siemsen <ralph.siemsen@linaro.org> 2022-11-17 11:54:53 -0500
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-11-23 00:26:19 +0000
commit: b8a851faef9990ccb41ded875fc79cf28abd4a4e (patch)
tree: b44fab4a57a090c6a331e46297e5b2356174c626
parent: bca720eca95929752436b56aa01e7fddfa1c834f (diff)
download: openembedded-core-contrib-b8a851faef9990ccb41ded875fc79cf28abd4a4e.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index a0278b9816..ac4c4e9973 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -66,3 +66,6 @@ CVE_CHECK_WHITELIST += "CVE-2022-29526"
 # Issue only on windows
 CVE_CHECK_WHITELIST += "CVE-2022-29804"
 CVE_CHECK_WHITELIST += "CVE-2022-30634"
+
+# Issue is in golang.org/x/net/html/parse.go, not used in go compiler
+CVE_CHECK_WHITELIST += "CVE-2021-33194"
author	Ralph Siemsen <ralph.siemsen@linaro.org>	2022-11-17 11:54:53 -0500
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-11-23 00:26:19 +0000
commit	b8a851faef9990ccb41ded875fc79cf28abd4a4e (patch)
tree	b44fab4a57a090c6a331e46297e5b2356174c626
parent	bca720eca95929752436b56aa01e7fddfa1c834f (diff)
download	openembedded-core-contrib-b8a851faef9990ccb41ded875fc79cf28abd4a4e.tar.gz