go: Security fix for CVE-2023-24538

html/template: disallow actions in JS template literals Backport from https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Shubham Kulkarni <skulkarni@mvista.com> 2023-05-02 21:40:12 +0530
committer: Steve Sakoman <steve@sakoman.com> 2023-05-03 12:36:56 -1000
commit: c8a597b76505dab7649f4c9b18e1e14b0e3d57af (patch)
tree: d512c91b687656f9857b6ae304a5bb7f88ed0ab2 /meta/recipes-devtools/go/go-1.14.inc
parent: fd4cc8d7b5156c43d162a1a5a809fae507457ef4 (diff)
download: openembedded-core-contrib-c8a597b76505dab7649f4c9b18e1e14b0e3d57af.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index 3b99b8fe7e..f734fe1ac8 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -58,6 +58,9 @@ SRC_URI += "\
     file://CVE-2020-29510.patch \
     file://CVE-2023-24537.patch \
     file://CVE-2023-24534.patch \
+    file://CVE-2023-24538-1.patch \
+    file://CVE-2023-24538-2.patch \
+    file://CVE-2023-24538-3.patch \
 "
 
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
author	Shubham Kulkarni <skulkarni@mvista.com>	2023-05-02 21:40:12 +0530
committer	Steve Sakoman <steve@sakoman.com>	2023-05-03 12:36:56 -1000
commit	c8a597b76505dab7649f4c9b18e1e14b0e3d57af (patch)
tree	d512c91b687656f9857b6ae304a5bb7f88ed0ab2 /meta/recipes-devtools/go/go-1.14.inc
parent	fd4cc8d7b5156c43d162a1a5a809fae507457ef4 (diff)
download	openembedded-core-contrib-c8a597b76505dab7649f4c9b18e1e14b0e3d57af.tar.gz