mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-05 23:09:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
18469232f6c74cd38bc615de72a68a1e4ed9478a
poky/meta/recipes-devtools/go
History
Vivek Kumbhar 15f7694793 go: fix CVE-2023-24539 html/template improper sanitization of CSS values 
Angle brackets should not appear in CSS contexts, as they may affect
token boundaries (such as closing a <style> tag, resulting in
injection). Instead emit filterFailsafe, matching the behavior for other
dangerous characters.

Thanks to Juho Nurminen of Mattermost for reporting this issue.

For #59720
Fixes #59811
Fixes CVE-2023-24539

(From OE-Core rev: 0a09194f3d4ad98d0cf0d070ec0c99e7a6c8a158)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-06-14 04:16:59 -10:00
..
go-1.18
go: fix CVE-2023-24539 html/template improper sanitization of CSS values
2023-06-14 04:16:59 -10:00
go-1.19
go: fix CVE-2023-24540
2023-05-30 04:11:15 -10:00
go_1.17.13.bb
meta: remove True option to getVar and getVarFlag calls (again)
2023-02-15 21:46:56 +00:00
go-1.17.13.inc
go: fix CVE-2023-24539 html/template improper sanitization of CSS values
2023-06-14 04:16:59 -10:00
go-binary-native_1.17.13.bb
go: update v1.17.12 -> v1.17.13
2022-08-28 07:51:29 +01:00
go-common.inc
go: correctly set debug-prefix-map and build directory
2022-01-05 17:18:15 +00:00
go-cross_1.17.13.bb
go: update v1.17.12 -> v1.17.13
2022-08-28 07:51:29 +01:00
go-cross-canadian_1.17.13.bb
go: update v1.17.12 -> v1.17.13
2022-08-28 07:51:29 +01:00
go-cross-canadian.inc
go: Remove three unnecessary paths from do_compile[dirs]
2022-03-15 08:40:09 +00:00
go-cross.inc
go: Remove three unnecessary paths from do_compile[dirs]
2022-03-15 08:40:09 +00:00
go-crosssdk_1.17.13.bb
go: update v1.17.12 -> v1.17.13
2022-08-28 07:51:29 +01:00
go-crosssdk.inc
go-crosssdk: avoid host contamination by GOCACHE
2023-01-06 17:33:23 +00:00
go-native_1.17.13.bb
go-native: switch from SRC_URI:append to SRC_URI +=
2022-09-28 08:02:11 +01:00
go-runtime_1.17.13.bb
go: update v1.17.12 -> v1.17.13
2022-08-28 07:51:29 +01:00
go-runtime.inc
go: Remove three unnecessary paths from do_compile[dirs]
2022-03-15 08:40:09 +00:00
go-target.inc
go: Remove three unnecessary paths from do_compile[dirs]
2022-03-15 08:40:09 +00:00