mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-25 10:59:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
d80ece64abe66fe082d26ef7123012dc3a14ac5e
poky/meta/recipes-devtools/go
History
Praveen Kumar 212172aa13 go: Fix CVE-2024-45336 
The HTTP client drops sensitive headers after following a cross-domain redirect.
For example, a request to a.com/ containing an Authorization header which is redirected to
b.com/ will not send that header to b.com. In the event that the client received a subsequent
same-domain redirect, however, the sensitive headers would be restored. For example, a chain
of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the
Authorization header to b.com/2.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-45336

Upstream-patch:
b72d56f98d

(From OE-Core rev: 63e84b64f055ad7c91de67194e6739c96fb95496)

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-02-15 06:04:43 -08:00
..
go-1.18
go: Fix for CVE-2023-45288
2024-05-02 06:21:09 -07:00
go-1.19
go: Fix CVE-2023-29409
2023-08-30 04:46:35 -10:00
go-1.20
go: Fix CVE-2023-45285 and CVE-2023-45287
2024-02-15 03:51:56 -10:00
go-1.21
go: Fix CVE-2024-45336
2025-02-15 06:04:43 -08:00
go_1.17.13.bb
meta: remove True option to getVar and getVarFlag calls (again)
2023-02-15 21:46:56 +00:00
go-1.17.13.inc
go: Fix CVE-2024-45336
2025-02-15 06:04:43 -08:00
go-binary-native_1.17.13.bb
go: update v1.17.12 -> v1.17.13
2022-08-28 07:51:29 +01:00
go-common.inc
go: correctly set debug-prefix-map and build directory
2022-01-05 17:18:15 +00:00
go-cross_1.17.13.bb
go: update v1.17.12 -> v1.17.13
2022-08-28 07:51:29 +01:00
go-cross-canadian_1.17.13.bb
go: update v1.17.12 -> v1.17.13
2022-08-28 07:51:29 +01:00
go-cross-canadian.inc
go: Remove three unnecessary paths from do_compile[dirs]
2022-03-15 08:40:09 +00:00
go-cross.inc
go: Remove three unnecessary paths from do_compile[dirs]
2022-03-15 08:40:09 +00:00
go-crosssdk_1.17.13.bb
go: update v1.17.12 -> v1.17.13
2022-08-28 07:51:29 +01:00
go-crosssdk.inc
go-crosssdk: avoid host contamination by GOCACHE
2023-01-06 17:33:23 +00:00
go-native_1.17.13.bb
go-native: switch from SRC_URI:append to SRC_URI +=
2022-09-28 08:02:11 +01:00
go-runtime_1.17.13.bb
go: update v1.17.12 -> v1.17.13
2022-08-28 07:51:29 +01:00
go-runtime.inc
go: Remove three unnecessary paths from do_compile[dirs]
2022-03-15 08:40:09 +00:00
go-target.inc
go: Remove three unnecessary paths from do_compile[dirs]
2022-03-15 08:40:09 +00:00