mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-02-06 16:56:37 +01:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Narpat Mali	79dd246cc5	python3-setuptools: fix for CVE-2022-40897 Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. CVE: CVE-2022-40897 Upstream-Status: Backport [`43a9c9bfa6`] cherry-pick and modify from OE-Core rev: f574d8d57ff3fbc38e350e7a90913993081c4fdf (From OE-Core rev: f2230ead6c145efc902336b2b9d5a4f0ecb749de) Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-04-04 17:46:24 +01:00
Alexander Kanavin	5aca6cdb59	python3-setuptools: update 63.4.1 -> 65.0.2 (From OE-Core rev: 1647f6a6123f544a67aa3fb7accce82ba0d21420) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-08-21 22:51:42 +01:00

Narpat Mali

79dd246cc5

python3-setuptools: fix for CVE-2022-40897

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers
to cause a denial of service via HTML in a crafted package or custom PackageIndex
page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

CVE: CVE-2022-40897

Upstream-Status: Backport [43a9c9bfa6]

cherry-pick and modify from OE-Core rev: f574d8d57ff3fbc38e350e7a90913993081c4fdf

(From OE-Core rev: f2230ead6c145efc902336b2b9d5a4f0ecb749de)

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2023-04-04 17:46:24 +01:00

Alexander Kanavin

5aca6cdb59

python3-setuptools: update 63.4.1 -> 65.0.2

(From OE-Core rev: 1647f6a6123f544a67aa3fb7accce82ba0d21420)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2022-08-21 22:51:42 +01:00

2 Commits