python3-sqlparse: Fix CVE-2024-4340

Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-4340 Upstream-patch: b4a39d9850 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-04-21 11:58:24 +00:00 · 2025-01-20 04:32:33 +00:00
parent c028b36527
commit de8681b4a2
2 changed files with 49 additions and 0 deletions
--- a/meta-python/recipes-devtools/python/python3-sqlparse_0.4.2.bb
+++ b/meta-python/recipes-devtools/python/python3-sqlparse_0.4.2.bb
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2b136f573f5386001ea3b7b9016222fc"
 SRC_URI += "file://0001-sqlparse-change-shebang-to-python3.patch \
            file://run-ptest \
            file://CVE-2023-30608.patch \
+            file://CVE-2024-4340.patch \
 	    "

 SRC_URI[sha256sum] = "0c00730c74263a94e5a9919ade150dfc3b19c574389985446148402998287dae"