golang: CVE-2021-31525 net/http: panic in ReadRequest and ReadResponse when reading a very large header

Source: https://github.com/argoheyard/lang-net MR: 114874 Type: Security Fix Disposition: Backport from https://github.com/argoheyard/lang-net/commit/701957006ef151feb43f86aa99c8a1f474f69282 ChangeID: bd3c4f9f44dd1c45e810172087004778522d28eb Description: CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header. Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Hitendra Prajapati <hprajapati@mvista.com> 2022-06-24 17:42:53 +0530
committer: Steve Sakoman <steve@sakoman.com> 2022-06-24 07:16:22 -1000
commit: 2850ef58f2a39a5ab19b1062d1b50160fec4daa8 (patch)
tree: 992e2127dd776f0278a0ea4efc76726077418262 /meta/recipes-devtools/go/go-1.14.inc
parent: 6625e24a6143765ce2e4e08d25e3fe021bc2cdf6 (diff)
download: openembedded-core-contrib-2850ef58f2a39a5ab19b1062d1b50160fec4daa8.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index 773d252bd1..b160222f76 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -24,6 +24,7 @@ SRC_URI += "\
     file://CVE-2022-23772.patch \
     file://CVE-2021-44717.patch \
     file://CVE-2022-24675.patch \
+    file://CVE-2021-31525.patch \
 "
 
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
author	Hitendra Prajapati <hprajapati@mvista.com>	2022-06-24 17:42:53 +0530
committer	Steve Sakoman <steve@sakoman.com>	2022-06-24 07:16:22 -1000
commit	2850ef58f2a39a5ab19b1062d1b50160fec4daa8 (patch)
tree	992e2127dd776f0278a0ea4efc76726077418262 /meta/recipes-devtools/go/go-1.14.inc
parent	6625e24a6143765ce2e4e08d25e3fe021bc2cdf6 (diff)
download	openembedded-core-contrib-2850ef58f2a39a5ab19b1062d1b50160fec4daa8.tar.gz