mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-04-26 00:32:12 +02:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Chaitanya Vadrevu	f19d7f427e	go: Fix issue in DNS resolver This change adds a patch that is a partial backport of an upstream commit[1]. It fixes a bug in go's DNS resolver that was causing a docker issue where the first "docker pull" always fails after system boot if docker daemon is started before networking is completely up. [1] `d52883f443` (From OE-Core rev: 8c8b01e84844a7e721c668d5ffbc7161e67f0862) Signed-off-by: Chaitanya Vadrevu <chaitanya.vadrevu@ni.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2023-11-28 05:00:32 -10:00
Soumya Sambu	de7443a25d	go: Fix CVE-2023-39319 The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack. References: https://nvd.nist.gov/vuln/detail/CVE-2023-39319 (From OE-Core rev: afdc322ecff4cfd8478c89a03f7fce748a132b48) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2023-09-23 05:26:15 -10:00

Chaitanya Vadrevu

f19d7f427e

go: Fix issue in DNS resolver

This change adds a patch that is a partial backport of an upstream
commit[1].

It fixes a bug in go's DNS resolver that was causing a docker issue
where the first "docker pull" always fails after system boot if docker
daemon is started before networking is completely up.

[1] d52883f443

(From OE-Core rev: 8c8b01e84844a7e721c668d5ffbc7161e67f0862)

Signed-off-by: Chaitanya Vadrevu <chaitanya.vadrevu@ni.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2023-11-28 05:00:32 -10:00

Soumya Sambu

de7443a25d

go: Fix CVE-2023-39319

The html/template package does not apply the proper rules for handling
occurrences of "<script", "<!--", and "</script" within JS literals in
<script> contexts. This may cause the template parser to improperly
consider script contexts to be terminated early, causing actions to be
improperly escaped. This could be leveraged to perform an XSS attack.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-39319

(From OE-Core rev: afdc322ecff4cfd8478c89a03f7fce748a132b48)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2023-09-23 05:26:15 -10:00

2 Commits