diff options
author | Shubham Kulkarni <skulkarni@mvista.com> | 2023-05-02 21:40:12 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-05-03 12:36:56 -1000 |
commit | c8a597b76505dab7649f4c9b18e1e14b0e3d57af (patch) | |
tree | d512c91b687656f9857b6ae304a5bb7f88ed0ab2 /meta/recipes-devtools/go/go-1.14.inc | |
parent | fd4cc8d7b5156c43d162a1a5a809fae507457ef4 (diff) | |
download | openembedded-core-contrib-c8a597b76505dab7649f4c9b18e1e14b0e3d57af.tar.gz |
go: Security fix for CVE-2023-24538
html/template: disallow actions in JS template literals
Backport from https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/go/go-1.14.inc')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14.inc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 3b99b8fe7e..f734fe1ac8 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -58,6 +58,9 @@ SRC_URI += "\ file://CVE-2020-29510.patch \ file://CVE-2023-24537.patch \ file://CVE-2023-24534.patch \ + file://CVE-2023-24538-1.patch \ + file://CVE-2023-24538-2.patch \ + file://CVE-2023-24538-3.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" |