mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-02-07 17:26:36 +01:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Pawan Badganchi	15d8a11b99	python3: Fix CVE-2022-37454 Add below patch to fix CVE-2022-37454 CVE-2022-37454.patch Link: https://security-tracker.debian.org/tracker/CVE-2022-37454 Link: `948c679471` (From OE-Core rev: 6a8ef6cc3604008860dcb6aa5d7155b914d7c391) Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com> Signed-off-by: pawan <badganchipv@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-12-23 23:05:44 +00:00
Omkar	124e5c8391	python3: Fix CVE-2022-45061 Fix CVE-2022-45061, referenced as https://github.com/python/cpython/issues/98433 patch taken from `064ec20bf7` (From OE-Core rev: 4498ca9a299bd5d9a7173ec67daf17cb66b6d286) Signed-off-by: Omkar <omkarpatil10.93@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-12-07 15:06:36 +00:00
Tim Orling	87ecc7cef6	python3: upgrade 3.8.13 -> 3.8.14 Security and bug fixes. * Drop CVE-2021-28861.patch as it was merged in 3.8.14 release. Fixes: * CVE-2020-10735 https://nvd.nist.gov/vuln/detail/CVE-2020-10735 * CVE-2021-28861 https://nvd.nist.gov/vuln/detail/CVE-2021-28861 * CVE-2018-25032 https://nvd.nist.gov/vuln/detail/CVE-2018-25032 Python 3.8.14 Release Date: Sept. 6, 2022 This is a security release of Python 3.8 Note: The release you're looking at is Python 3.8.14, a security bugfix release for the legacy 3.8 series. Python 3.10 is now the latest feature release series of Python 3. Security content in this release CVE-2020-10735: converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees to avoid a potential crash of the interpreter. gh-90355: Fix ensurepip environment isolation for the subprocess running pip. gh-80254: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. (From OE-Core rev: 25fafd35a4698daa0d4abb814a91601e68223128) Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-10-27 16:54:43 +01:00

Pawan Badganchi

15d8a11b99

python3: Fix CVE-2022-37454

Add below patch to fix CVE-2022-37454

CVE-2022-37454.patch
Link: https://security-tracker.debian.org/tracker/CVE-2022-37454
Link: 948c679471

(From OE-Core rev: 6a8ef6cc3604008860dcb6aa5d7155b914d7c391)

Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
Signed-off-by: pawan <badganchipv@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2022-12-23 23:05:44 +00:00

Omkar

124e5c8391

python3: Fix CVE-2022-45061

Fix CVE-2022-45061, referenced as
https://github.com/python/cpython/issues/98433
patch taken from
064ec20bf7

(From OE-Core rev: 4498ca9a299bd5d9a7173ec67daf17cb66b6d286)

Signed-off-by: Omkar <omkarpatil10.93@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2022-12-07 15:06:36 +00:00

Tim Orling

87ecc7cef6

python3: upgrade 3.8.13 -> 3.8.14

Security and bug fixes.

* Drop CVE-2021-28861.patch as it was merged in 3.8.14 release.

Fixes:
  * CVE-2020-10735
    https://nvd.nist.gov/vuln/detail/CVE-2020-10735
  * CVE-2021-28861
    https://nvd.nist.gov/vuln/detail/CVE-2021-28861
  * CVE-2018-25032
    https://nvd.nist.gov/vuln/detail/CVE-2018-25032

Python 3.8.14
Release Date: Sept. 6, 2022

This is a security release of Python 3.8
Note: The release you're looking at is Python 3.8.14, a security bugfix
      release for the legacy 3.8 series. Python 3.10 is now the latest
      feature release series of Python 3.

Security content in this release
CVE-2020-10735: converting between int and str in bases other than
  2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base
  10 (decimal) now raises a ValueError if the number of digits in string
  form is above a limit to avoid potential denial of service attacks due
  to the algorithmic complexity.
gh-87389: http.server: Fix an open redirection vulnerability in the HTTP
  server when an URI path starts with //.
gh-93065: Fix contextvars HAMT implementation to handle iteration over
  deep trees to avoid a potential crash of the interpreter.
gh-90355: Fix ensurepip environment isolation for the subprocess running
  pip.
gh-80254: Raise ProgrammingError instead of segfaulting on recursive usage
  of cursors in sqlite3 converters.

(From OE-Core rev: 25fafd35a4698daa0d4abb814a91601e68223128)

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2022-10-27 16:54:43 +01:00

3 Commits