Hi Deepak, The go-binary-native was used to bootstrap the go toolchain, we take it from the official go upstream https://go.dev/dl. Perhaps this is the ideal place to report such problems, so that they can create new binary packages with the referred CVE fixed.
Jose Deepak Rathore via lists.openembedded.org <deeratho= [email protected]> escreveu (quinta, 12/02/2026 à(s) 11:15): > Hello Khem Raj, > > Several new CVEs have been assigned to go-binary-native package (as listed > below). Based on the recipe, it’s been observed that it uses prebuilt > instead of being built from source code. Can you please help to understand > the procedures and how we can address applicable CVEs for these packages? > Do we have any identified plan to address it? > CVEs affecting go-binary-native: > > 1. CVE-2025-4674 (CVSS 8.6) – > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-4674 > 2. CVE-2025-47906 (CVSS 6.5) – > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-47906 > 3. CVE-2025-47907 (CVSS 7.0) – > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-47907 > 4. CVE-2025-47912 (CVSS 5.3) – > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-47912 > 5. CVE-2025-58185 (CVSS 5.3) – > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-58185 > 6. CVE-2025-58187 (CVSS 7.5) – > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-58187 > 7. CVE-2025-58188 (CVSS 7.5) – > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-58188 > 8. CVE-2025-58189 (CVSS 5.3) – > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-58189 > 9. CVE-2025-61723 (CVSS 7.5) – > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-61723 > 10. CVE-2025-61724 (CVSS 5.3) – > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-61724 > 11. CVE-2025-61726 (CVSS 7.5) – > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-61726 > 12. CVE-2025-61727 (CVSS 6.5) – > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-61727 > 13. CVE-2025-61728 (CVSS 6.5) – > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-61728 > 14. CVE-2025-61729 (CVSS 7.5) – > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-61729 > 15. CVE-2025-61730 (CVSS 5.3) – > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-61730 > 16. CVE-2025-61731 (CVSS 7.8) – > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-61731 > 17. CVE-2025-68119 (CVSS 7.0) – > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-68119 > 18. CVE-2025-22873 (CVSS3: 3.8) - > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-22873 > 19. CVE-2025-61732 (CVSS3: 8.6) - > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-61732 > 20. CVE-2025-68121 (CVSS3: 10.0) - > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-68121 > > Thanks for the guidance. > Regards, > Deepak Rathore > > > > > -- Best regards, José Quaresma
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#231060): https://lists.openembedded.org/g/openembedded-core/message/231060 Mute This Topic: https://lists.openembedded.org/mt/117772424/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
