mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-08 18:02:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

python3: Fix CVE-2024-7592

Browse Source 
There is a LOW severity vulnerability affecting CPython, specifically the
'http.cookies' standard library module. When parsing cookies that contained
backslashes for quoted characters in the cookie value, the parser would use
an algorithm with quadratic complexity, resulting in excess CPU resources
being used while parsing the value.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-7592

Upstream-Patch:
dcc3eaef98

(From OE-Core rev: 3bb9684eef5227e7b1280ee9051884310b0d0b7f)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Soumya Sambu
2024-09-03 12:50:34 +00:00
committed by Steve Sakoman
parent 67aa29393d
commit 9541ad9650
2 changed files with 144 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
meta/recipes-devtools/python/python3_3.12.4.bb
View File

@@ -34,6 +34,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch \
file://0001-test_deadlock-skip-problematic-test.patch \
file://0001-test_active_children-skip-problematic-test.patch \
file://CVE-2024-7592.patch \
"
SRC_URI:append:class-native = " \