python3-sqlparse: Fix CVE-2024-4340

Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. References: https://nvd.nist.gov/vuln/detail/CVE-2024-4340 Upstream-patch: b4a39d9850 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-02-19 03:50:38 +00:00 · 2024-07-26 12:04:24 +00:00
parent 9edbfe9826
commit cffdfd0d69
2 changed files with 49 additions and 0 deletions
--- a/meta-python/recipes-devtools/python/python3-sqlparse_0.4.4.bb
+++ b/meta-python/recipes-devtools/python/python3-sqlparse_0.4.4.bb
@@ -5,6 +5,7 @@ LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=2b136f573f5386001ea3b7b9016222fc"

 SRC_URI += "file://0001-sqlparse-change-shebang-to-python3.patch \
+            file://CVE-2024-4340.patch \
            file://run-ptest \
 	    "