mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-05 16:28:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,438 Commits 38 Branches 617 Tags
2ab1bedda9e081dbf01d4c3069d247efc6c3c55e
Commit Graph

5 Commits

Author SHA1 Message Date
Vijay Anusuri
6ba8b8a487 python3-setuptools: Fix CVE-2025-47273 
Upstream-Status: Backport from
d8390feaa9
& 250a6d1797

(From OE-Core rev: 9769cd99c32faf7d95a7cab07b8550b438ccaf0c)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-06-11 08:17:34 -07:00
Shunsuke Tokumoto
8dae11e0b5 python3-setuptools: Add "python:setuptools" to CVE_PRODUCT 
Since there are vulnerabilities that cannot be detected by the existing
CVE_PRODUCT, add "python:setuptools" to CVE_PRODUCT.

https://nvd.nist.gov/vuln/detail/CVE-2013-1633
https://nvd.nist.gov/vuln/detail/CVE-2022-40897

(From OE-Core rev: 85b61bf9cefc024faefa083c37ce88ba9c7355e1)

Signed-off-by: Shunsuke Tokumoto <s-tokumoto@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit aa1c8d97efc6640a1cffa2459d9b20ad1f7309b0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2024-10-30 08:30:00 -07:00
Soumya Sambu
67aa29393d python3-setuptools: Fix CVE-2024-6345 
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for
remote code execution via its download functions. These functions, which are used to download
packages from URLs provided by users or retrieved from package index servers, are susceptible
to code injection. If these functions are exposed to user-controlled inputs, such as package
URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-6345

Upstream-patch:
88807c7062

(From OE-Core rev: 468c5a4e12b9d38768b00151c55fd27b2b504f3b)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2024-09-09 06:08:10 -07:00
Guðni Már Gilbert
b0ab1c80fc python3-setuptools: drop python3-2to3 from RDEPENDS 
2to3 module was dropped as a dependency in setuptools 58.0

(From OE-Core rev: 0d5cd1d867a826cf83fcaee3e8390b9defec47d1)

Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2024-07-09 06:02:55 -07:00
Alexander Kanavin
51460be41f python3-setuptools: upgrade 69.0.3 -> 69.1.1 
(From OE-Core rev: a953d88346d4ee93b5669c079586ae27d71552dc)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2024-03-07 17:25:02 +00:00