Skip to content
Commit 2329902f authored by Ralph Siemsen's avatar Ralph Siemsen Committed by Richard Purdie
Browse files

golang: ignore CVE-2021-41772 

Dunfell uses golang 1.14 which does not contain the affected code (it
was introduced in golang 1.16). From the golang announcement [1]

"Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can
be made to panic by an attacker providing either a crafted ZIP archive
containing completely invalid names or an empty filename argument.

[1] https://groups.google.com/g/golang-announce/c/0fM21h43arc



Signed-off-by: default avatarRalph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: default avatarSteve Sakoman <steve@sakoman.com>
parent b8a851fa
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment