go: set status of CVE-2024-3566

NVD ([1]) tracks this as: cpe:2.3🅰️golang:go:*:*:*:*:*:*:*:* Running on/with cpe:2.3⭕microsoft:windows:-:*:*:*:*:*:*:* Yocto cve-check ignores the "Running on/with", so it needs to be ignored explicitly. [1] https://nvd.nist.gov/vuln/detail/CVE-2024-3566 (From OE-Core rev: c43a9f7ca85f1c25a72f7b1efa494e30d6cf4906) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-07-19 21:09:03 +02:00 · 2025-06-19 18:51:13 +02:00 · 2025-06-19 18:51:13 +02:00 · 55e1dcd8a3
commit 55e1dcd8a3
parent 3761488d2d
2 changed files with 2 additions and 0 deletions
--- a/meta/recipes-devtools/go/go-binary-native_1.24.4.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.24.4.bb
@ -17,6 +17,7 @@ UPSTREAM_CHECK_URI = "https://golang.org/dl/"
 UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"

 CVE_PRODUCT = "golang:go"
+CVE_STATUS[CVE-2024-3566] = "not-applicable-platform: Issue only applies on Windows"

 S = "${WORKDIR}/go"

--- a/meta/recipes-devtools/go/go-common.inc
+++ b/meta/recipes-devtools/go/go-common.inc
@ -21,6 +21,7 @@ UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.src\.tar"

 # all recipe variants are created from the same product
 CVE_PRODUCT = "golang:go"
+CVE_STATUS[CVE-2024-3566] = "not-applicable-platform: Issue only applies on Windows"

 INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
 SSTATE_SCAN_CMD = "true"