mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-03-21 13:50:08 +00:00
Code Issues Projects Releases Wiki Activity

python3-sqlparse: fix for CVE-2023-30608

Browse Source 
sqlparse is a non-validating SQL parser module for Python. In affected
versions the SQL parser contains a regular expression that is vulnerable
to ReDoS (Regular Expression Denial of Service). This issue was introduced
by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS).
This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users
are advised to upgrade. There are no known workarounds for this issue.

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Narpat Mali
2023-05-31 15:23:13 +00:00
committed by Armin Kuster
parent 9ea78f00a4
commit 420acd8735
2 changed files with 76 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
meta-python/recipes-devtools/python/python3-sqlparse_0.4.2.bb
View File

@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2b136f573f5386001ea3b7b9016222fc"
SRC_URI += "file://0001-sqlparse-change-shebang-to-python3.patch \
file://run-ptest \
file://CVE-2023-30608.patch \
"
SRC_URI[sha256sum] = "0c00730c74263a94e5a9919ade150dfc3b19c574389985446148402998287dae"