Commit Graph

3 Commits

Author SHA1 Message Date
Narpat Mali
07213601fd python3-git: fix for CVE-2022-24439
All versions of package gitpython are vulnerable to Remote Code Execution
(RCE) due to improper user input validation, which makes it possible to
inject a maliciously crafted remote URL into the clone command. Exploiting
this vulnerability is possible because the library makes external calls to
git without sufficient sanitization of input arguments.

CVE: CVE-2022-24439

Upstream-Status: Backport

Reference:
https://github.com/gitpython-developers/GitPython/discussions/1529
https://github.com/gitpython-developers/GitPython/pull/1518
https://github.com/gitpython-developers/GitPython/pull/1521

(From OE-Core rev: 55f93e3786290dfa5ac72b5969bb2793f6a98bde)

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-26 23:37:05 +00:00
Ross Burton
e5ab3817aa classes/setuptools_build_meta: rename to python_setuptools_build_meta
Rename this class to be python-prefixed to match the other new Python
build system classes.

(From OE-Core rev: 25d6bf8079797906bde7c0cf63a0466c981ba5bb)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-20 00:02:22 +00:00
wangmy
f74327157c python3-git: upgrade 3.1.26 -> 3.1.27
Changelog:
=========
-Reduced startup time due to optimized imports.
-Fix a vulnerability that could cause great slowdowns when encountering long
 remote path names when pulling/fetching.

(From OE-Core rev: 3cb7f09392f1e43fec1c490cdee8bcdf581b1489)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-02-27 12:34:40 +00:00