go: Exclude CVE-2021-29923 from report list

author Richard Purdie <richard.purdie@linuxfoundation.org>

Mon, 6 Sep 2021 14:11:51 +0000 (15:11 +0100)

committer Anuj Mittal <anuj.mittal@intel.com>

Wed, 15 Sep 2021 02:20:55 +0000 (10:20 +0800)
author Richard Purdie <richard.purdie@linuxfoundation.org>
Mon, 6 Sep 2021 14:11:51 +0000 (15:11 +0100)
committer Anuj Mittal <anuj.mittal@intel.com>
Wed, 15 Sep 2021 02:20:55 +0000 (10:20 +0800)
diff --git a/meta/recipes-devtools/go/go-1.16.7.inc b/meta/recipes-devtools/go/go-1.16.7.inc

index ed2d94671b7bf84016b5a54f27291ff6eb035c05..9eca1caeeb97981840f313e59abb8dfe6931f42d 100644 (file)
--- a/meta/recipes-devtools/go/go-1.16.7.inc
+++ b/meta/recipes-devtools/go/go-1.16.7.inc
@@ -19,3 +19,8 @@ SRC_URI += "\
      file://0001-encoding-xml-handle-leading-trailing-or-double-colon.patch \
  "
  SRC_URI[main.sha256sum] = "1a9f2894d3d878729f7045072f30becebe243524cf2fce4e0a7b248b1e0654ac"
+
+# Upstream don't believe it is a signifiant real world issue and will only
+# fix in 1.17 onwards where we can drop this.
+# https://github.com/golang/go/issues/30999#issuecomment-910470358
+CVE_CHECK_WHITELIST += "CVE-2021-29923"
author	Richard Purdie <richard.purdie@linuxfoundation.org>
	Mon, 6 Sep 2021 14:11:51 +0000 (15:11 +0100)
committer	Anuj Mittal <anuj.mittal@intel.com>
	Wed, 15 Sep 2021 02:20:55 +0000 (10:20 +0800)