mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-18 07:10:32 +00:00
Code Issues Projects Releases Wiki Activity

python3-grpcio: Fix CVE-2024-7246

Browse Source 
Apply the nearest upstream fix from v1.62.3 [1] for HPACK parser error
handling to prevent header table desynchronization, aligned with the original
fix in v1.60.2 [2] as referenced in [3].

[1] https://github.com/grpc/grpc/commit/1d172cfca56440889ca32ae516b8c2767321f5b5
[2] https://github.com/grpc/grpc/commit/88b1244fd43e81860baa60cc7fb3945a2cca0d11
[3] https://bugzilla.suse.com/show_bug.cgi?id=1228919

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-7246

Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Sudhir Dumbhare
2026-06-01 23:39:12 -07:00
committed by Anuj Mittal
parent 8d7e7fa162
commit bc70f00d38
2 changed files with 207 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-python/recipes-devtools/python/python3-grpcio_1.62.2.bb
+1
View File
@@ -13,6 +13,7 @@ SRC_URI += "file://0001-Include-missing-cstdint-header.patch \
file://0001-target.h-define-proper-macro-for-ppc-ppc64.patch \
file://0001-PR-1644-unscaledcycleclock-remove-RISC-V-support.patch \
file://CVE-2024-11407.patch \
file://CVE-2024-7246.patch \
"
SRC_URI[sha256sum] = "c77618071d96b7a8be2c10701a98537823b9c65ba256c0b9067e0594cdbd954d"