python3-wheel: fix for CVE-2022-40898

An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1
and earlier allows remote attackers to cause a denial of service via
attacker-controlled input to wheel cli.

CVE: CVE-2022-40898

Upstream-Status: Backport [88f02bc335]

(From OE-Core rev: 0974291e545aec68755dfb634c75dca37cca1ea9)

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Narpat Mali
2023-01-12 14:55:32 +00:00
committed by Richard Purdie
parent 92b150b9f3
commit fd36d262b8
2 changed files with 35 additions and 1 deletions

@@ -8,7 +8,9 @@ SRC_URI[sha256sum] = "e9a504e793efbca1b8e0e9cb979a249cf4a0a7b5b8c9e8b65a5e39d495
inherit python_flit_core pypi
SRC_URI += " file://0001-Backport-pyproject.toml-from-flit-backend-branch.patch"
SRC_URI += "file://0001-Backport-pyproject.toml-from-flit-backend-branch.patch \
file://0001-Fixed-potential-DoS-attack-via-WHEEL_INFO_RE.patch \
"
BBCLASSEXTEND = "native nativesdk"
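
Review bot: the file name of the patch added to SRC_URI, 0001-Fixed-potential-DoS-attack-via-WHEEL_INFO_RE.patch, does not contain the CVE ID, so the "CVE: CVE-2022-40898" tag has to be present in the patch file's own header for cve-check to report the issue as patched. The commit message carries the tag, but the patch file itself is not shown in this hunk, so confirm that it has both the CVE: and Upstream-Status: lines. The Upstream-Status reference in the commit message is a short hash only ([88f02bc335]); a full upstream commit URL in the patch header would make the backport easier to trace.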