go: set status for CVE-2026-39836

This issue affects Windows only. The net.Dial and net.LookupPort
functions can panic when given input containing a NUL byte.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2026-39836
https://security-tracker.debian.org/tracker/CVE-2026-39836

(From OE-Core rev: 324359dcb7cbeb15ef51f5cc18924f590c81b1de)

Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
This commit is contained in:
Sudhir Dumbhare
2026-06-02 03:26:17 -07:00
committed by Paul Barker
parent f3fbf45c1d
commit 5087e4b4a0

View File

@@ -65,3 +65,4 @@ SRC_URI += "\
SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71"
CVE_STATUS[CVE-2025-0913] = "not-applicable-platform: Issue only applies on Windows"
CVE_STATUS[CVE-2026-39836] = "not-applicable-platform: Issue only applies on Windows"