mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-02-06 08:48:45 +01:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Soumya Sambu	67aa29393d	python3-setuptools: Fix CVE-2024-6345 A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0. References: https://nvd.nist.gov/vuln/detail/CVE-2024-6345 Upstream-patch: `88807c7062` (From OE-Core rev: 468c5a4e12b9d38768b00151c55fd27b2b504f3b) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-09-09 06:08:10 -07:00
Guðni Már Gilbert	b0ab1c80fc	python3-setuptools: drop python3-2to3 from RDEPENDS 2to3 module was dropped as a dependency in setuptools 58.0 (From OE-Core rev: 0d5cd1d867a826cf83fcaee3e8390b9defec47d1) Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-07-09 06:02:55 -07:00
Alexander Kanavin	51460be41f	python3-setuptools: upgrade 69.0.3 -> 69.1.1 (From OE-Core rev: a953d88346d4ee93b5669c079586ae27d71552dc) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2024-03-07 17:25:02 +00:00

Soumya Sambu

67aa29393d

python3-setuptools: Fix CVE-2024-6345

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for
remote code execution via its download functions. These functions, which are used to download
packages from URLs provided by users or retrieved from package index servers, are susceptible
to code injection. If these functions are exposed to user-controlled inputs, such as package
URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-6345

Upstream-patch:
88807c7062

(From OE-Core rev: 468c5a4e12b9d38768b00151c55fd27b2b504f3b)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2024-09-09 06:08:10 -07:00

Guðni Már Gilbert

b0ab1c80fc

python3-setuptools: drop python3-2to3 from RDEPENDS

2to3 module was dropped as a dependency in setuptools 58.0

(From OE-Core rev: 0d5cd1d867a826cf83fcaee3e8390b9defec47d1)

Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2024-07-09 06:02:55 -07:00

Alexander Kanavin

51460be41f

python3-setuptools: upgrade 69.0.3 -> 69.1.1

(From OE-Core rev: a953d88346d4ee93b5669c079586ae27d71552dc)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2024-03-07 17:25:02 +00:00

3 Commits