python3-gevent: fix CVE-2023-41419

An issue in Gevent Gevent before version 23.9.1 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. References: https://nvd.nist.gov/vuln/detail/CVE-2023-41419 https://github.com/advisories/GHSA-x7m3-jprg-wc5g Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-05-07 05:10:20 +00:00 · 2023-10-06 14:13:49 +00:00
parent e2b534cc3a
commit 6432fee6d0
2 changed files with 675 additions and 0 deletions
--- a/meta-python/recipes-devtools/python/python3-gevent_21.12.0.bb
+++ b/meta-python/recipes-devtools/python/python3-gevent_21.12.0.bb
@@ -13,6 +13,8 @@ RDEPENDS:${PN} = "${PYTHON_PN}-greenlet \

 SRC_URI[sha256sum] = "f48b64578c367b91fa793bf8eaaaf4995cb93c8bc45860e473bf868070ad094e"

+SRC_URI += "file://CVE-2023-41419.patch"
+
 inherit pypi setuptools3

 # Don't embed libraries, link to the system instead