mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-04-20 11:38:34 +00:00
Code Issues Projects Releases Wiki Activity

python3-pycares: fix CVE-2025-48945

Browse Source 
pycares is a Python module which provides an interface to c-ares. c-ares
is a C library that performs DNS requests and name resolutions
asynchronously. Prior to version 4.9.0, pycares is vulnerable to a
use-after-free condition that occurs when a Channel object is garbage
collected while DNS queries are still pending. This results in a fatal
Python error and interpreter crash. The vulnerability has been fixed in
pycares 4.9.0 by implementing a safe channel destruction mechanism.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-48945

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Jiaying Song
2025-07-03 13:28:24 +08:00
committed by Armin Kuster
parent 6b9b9658e6
commit 32200384c7
2 changed files with 734 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
meta-python/recipes-devtools/python/python3-pycares_4.6.0.bb
View File

@@ -6,6 +6,7 @@ HOMEPAGE = "https://github.com/saghul/pycares"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=b1538fcaea82ebf2313ed648b96c69b1"
SRC_URI += "file://CVE-2025-48945.patch"
SRC_URI[sha256sum] = "b8a004b18a7465ac9400216bc3fad9d9966007af1ee32f4412d2b3a94e33456e"
PYPI_PACKAGE = "pycares"