MIRRORS/meta-virtualization
1
0
Fork 0
mirror of git://git.yoctoproject.org/meta-virtualization.git synced 2025-10-22 15:04:00 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
master
meta-virtualization/recipes-devtools
History
Anil Dongare 23dff61259 grpc-go 1.59.0+git: Ignore CVE-2024-7246 
Upstream Repository: https://github.com/grpc/grpc-go

Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2024-7246
Type: Security Fix
CVE: CVE-2024-7246
Score: 6.3 (Medium)
Patch: https://github.com/grpc/grpc/issues/36245

Analysis:
-CVE-2024-7246 describes an HTTP/2 HPACK header table poisoning
 issue found in the gRPC C-core implementation (grpc/grpc).
-The vulnerability does not apply to the pure Go implementation
 (grpc-go) used in Yocto (meta-virtualization layer).
-Marking as not-applicable-config (implementation difference).
-The affected code path is not present in grpc-go.Hence ignoring the
  CVE for grpc-go.

Reference:
[1] https://nvd.nist.gov/vuln/detail/CVE-2024-7246
[2] https://github.com/grpc/grpc/issues/36245
[3] Upstream gRPC release notes confirming fixed versions for gRPC
    C-core (not grpc-go).

Signed-off-by: Anil Dongare <adongare@cisco.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2025-09-03 21:40:45 -04:00
..
go grpc-go 1.59.0+git: Ignore CVE-2024-7246 2025-09-03 21:40:45 -04:00
python devtools: adapt to UNPACKDIR changes 2025-06-25 22:55:55 -04:00
qemu qemu: adapt to OE-core qemu splitting 2023-08-01 14:42:25 -04:00
yq yq_git: add back apply=no for SRC_URI diff 2025-05-19 22:44:13 -04:00