mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-06 08:48:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,092 Commits 38 Branches 617 Tags
2a8a9502f586c085e08dca9dfd4ff3ce4e23fea2
Commit Graph

2 Commits

Author SHA1 Message Date
Praveen Kumar
f53d6b5b2f python3-setuptools: fix CVE-2025-47273 
setuptools is a package that allows users to download, build, install,
upgrade, and uninstall Python packages. A path traversal vulnerability
in `PackageIndex` is present in setuptools prior to version 78.1.1. An
attacker would be allowed to write files to arbitrary locations on the
filesystem with the permissions of the process running the Python code,
which could escalate to remote code execution depending on the context.
Version 78.1.1 fixes the issue.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-47273

Upstream-patch:
d8390feaa9
250a6d1797

(From OE-Core rev: cfb2d77f841ae21cae0ba7d6263dc3e1e0280400)

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-07-04 07:50:16 -07:00
Richard Purdie
9013e8eb93 python3-setuptools: upgrade 75.8.2 -> 76.0.0 
(From OE-Core rev: cdaa24119650c41469cd1cea1955aa6fb0494398)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2025-03-17 22:38:32 +00:00