mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-02-05 16:28:43 +01:00

Commit Graph

Author	SHA1	Message	Date
Ross Burton	4dfdb53c8a	python3: ignore CVE-2015-20107 CVE-2015-20107 describes an arbitrary command execution in the mailcap module, but this is by design in mailcap and needs to be worked around by the calling application. Upstream Python will be documenting this flaw in the library reference, and it is likely that the mailcap module will be deprecated and removed in the future. (From OE-Core rev: 1ed7bb74d35f08af3babf73c68ee01af5f28a50b) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 85fac8408baf92d8b71946f5bfea92952b7eab01) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-05-09 11:51:59 +01:00
Ross Burton	513cfaa43d	python3: ignore CVE-2022-26488 This CVE is specific to Microsoft Windows, so we can ignore it. (From OE-Core rev: d966a07d1f04aa76a4970d4af141f817197be0d2) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 2bd3c5a93988140d9927340b3af68785ae03db65) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-03-31 21:09:33 +01:00
Tim Orling	c625f6524d	python3: upgrade 3.8.12 -> 3.8.13 Security and bug fixes (including upgrades for security and bug fixes to bundled components). For changes see: https://docs.python.org/release/3.8.13/whatsnew/changelog.html#python-3-8-13-final CVE: CVE-2022-26488 License-Update: Add 2022 to copyright years * Update bpo-36852 patch to apply after change in 3.8.13 (From OE-Core rev: bcad36b6d34b3176dc313ed6af99897cc442bf2b) Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-03-23 23:16:12 +00:00

Author

SHA1

Message

Date

Ross Burton

4dfdb53c8a

python3: ignore CVE-2015-20107

CVE-2015-20107 describes an arbitrary command execution in the mailcap
module, but this is by design in mailcap and needs to be worked around
by the calling application.

Upstream Python will be documenting this flaw in the library reference,
and it is likely that the mailcap module will be deprecated and removed
in the future.

(From OE-Core rev: 1ed7bb74d35f08af3babf73c68ee01af5f28a50b)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 85fac8408baf92d8b71946f5bfea92952b7eab01)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2022-05-09 11:51:59 +01:00

Ross Burton

513cfaa43d

python3: ignore CVE-2022-26488

This CVE is specific to Microsoft Windows, so we can ignore it.

(From OE-Core rev: d966a07d1f04aa76a4970d4af141f817197be0d2)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2bd3c5a93988140d9927340b3af68785ae03db65)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2022-03-31 21:09:33 +01:00

Tim Orling

c625f6524d

python3: upgrade 3.8.12 -> 3.8.13

Security and bug fixes (including upgrades for security and bug fixes to
bundled components).

For changes see:
https://docs.python.org/release/3.8.13/whatsnew/changelog.html#python-3-8-13-final

CVE: CVE-2022-26488

License-Update: Add 2022 to copyright years

* Update bpo-36852 patch to apply after change in 3.8.13

(From OE-Core rev: bcad36b6d34b3176dc313ed6af99897cc442bf2b)

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2022-03-23 23:16:12 +00:00

3 Commits