tianon
commented
2 years ago Thanks, added!
- CVE-2022-1705: does not use
net/http(#112) - CVE-2022-1962: no deeply nested types (#112)
- CVE-2022-28131: does not use
encoding/xml(#112) - CVE-2022-30580: does not (could not?) support
GOOS=windows(#112) - CVE-2022-30629: does not use
crypto/tls(#112) - CVE-2022-30630: does not use file globbing (#112)
- CVE-2022-30631: does not use
compress/gzip(#112) - CVE-2022-30632: does not use file globbing (#112)
- CVE-2022-30633: does not use
encoding/xml(#112)
Vulnerability scans using Twistlock are showing the following CVEs, all pertaining to go-1.17.7:
CVE-2022-1705 CVE-2022-1962 CVE-2022-28131 CVE-2022-30580 CVE-2022-30629 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633
None of these findings are currently listed in #104. Can you confirm that these CVEs do not apply to builds of
gosu?