mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-11 03:03:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

python3: fix CVE-2025-6075

Browse Source 
If the value passed to os.path.expandvars() is user-controlled a
performance degradation is possible when expanding environment variables.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-6075

Upstream-patch:
892747b4cf

(From OE-Core rev: 9a7f33d85355ffbe382aa175c04c64541e77b441)

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Praveen Kumar
2025-11-21 16:56:42 +05:30
committed by Steve Sakoman
parent 6639c7b295
commit c6234dce63
2 changed files with 365 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
meta/recipes-devtools/python/python3_3.10.19.bb
View File

@@ -37,6 +37,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://0001-Avoid-shebang-overflow-on-python-config.py.patch \
file://0001-test_storlines-skip-due-to-load-variability.patch \
file://0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch \
file://CVE-2025-6075.patch \
"
SRC_URI:append:class-native = " \