mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-06-27 20:13:41 +02:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Sudhir Dumbhare	7731db5592	python3: Fix CVE-2026-6019 This patch applies the upstream fix [1] and follow-up fix [2], as referenced in [3] and [4], to address an http.cookies.Morsel.js_output() flaw where inline JavaScript output escaped quotes but did not neutralize the HTML parser-sensitive </script> sequence. [1] `3c59b8b53f` [2] `e7d4c3ff42` [3] https://github.com/python/cpython/issues/149144 [4] https://security-tracker.debian.org/tracker/CVE-2026-6019 Reference: https://nvd.nist.gov/vuln/detail/CVE-2026-6019 (From OE-Core rev: e17af14ae72e21f7f63407ba5c88da160c73bea9) Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>	2026-06-26 16:55:53 +01:00

Sudhir Dumbhare

7731db5592

python3: Fix CVE-2026-6019

This patch applies the upstream fix [1] and follow-up fix [2], as
referenced in [3] and [4], to address an http.cookies.Morsel.js_output()
flaw where inline JavaScript output escaped quotes but did not neutralize
the HTML parser-sensitive </script> sequence.

[1] 3c59b8b53f
[2] e7d4c3ff42
[3] https://github.com/python/cpython/issues/149144
[4] https://security-tracker.debian.org/tracker/CVE-2026-6019

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2026-6019

(From OE-Core rev: e17af14ae72e21f7f63407ba5c88da160c73bea9)

Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>

2026-06-26 16:55:53 +01:00

1 Commits