python-pycrypto: Security fix CVE-2013-7459

CVE-2013-7459: Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. Reference: https://nvd.nist.gov/vuln/detail/CVE-2013-7459 Patch from: 8dbe0dc3ee Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2026-04-20 11:38:34 +00:00 · 2017-08-24 13:56:32 +08:00
parent d853932c66
commit e4af9cf961
2 changed files with 101 additions and 1 deletions
--- a/meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb
+++ b/meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb
@@ -1,7 +1,9 @@
 inherit distutils
 require python-pycrypto.inc

-SRC_URI += "file://cross-compiling.patch"
+SRC_URI += "file://cross-compiling.patch \
+            file://CVE-2013-7459.patch \
+           "

 # We explicitly call distutils_do_install, since we want it to run, but
 # *don't* want the autotools install to run, since this package doesn't