python3-pyasn1: fix CVE-2026-23490

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2. References: https://nvd.nist.gov/vuln/detail/CVE-2026-23490 (From OE-Core rev: 205d360b49c7bbaa8709cb5a0b2e57457c32ad22) Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-05-14 11:27:54 +02:00 · 2026-04-09 14:16:32 +08:00
parent 62a327e3bc
commit 60345ecc4b
2 changed files with 138 additions and 1 deletions
--- a/meta/recipes-devtools/python/python-pyasn1.inc
+++ b/meta/recipes-devtools/python/python-pyasn1.inc
@@ -18,7 +18,8 @@ inherit ptest

 SRC_URI += " \
       file://run-ptest \
-           "
+       file://CVE-2026-23490.patch \
+"

 RDEPENDS:${PN}-ptest += " \
 	python3-pytest \