mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-02-03 22:50:33 +00:00
Code Issues Projects Releases Wiki Activity

python3-m2crypto: fix for CVE-2020-25657

Browse Source 
A flaw was found in all released versions of m2crypto, where they are
vulnerable to Bleichenbacher timing attacks in the RSA decryption API
via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest
threat from this vulnerability is to confidentiality.

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Narpat Mali
2023-06-01 17:52:55 +00:00
committed by Armin Kuster
parent c6ae6d504d
commit f95484417e
2 changed files with 176 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb
View File

@@ -10,6 +10,7 @@ SRC_URI += "file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \
file://cross-compile-platform.patch \
file://avoid-host-contamination.patch \
file://0001-setup.py-address-openssl-3.x-build-issue.patch \
file://CVE-2020-25657.patch \
"
SRC_URI[sha256sum] = "99f2260a30901c949a8dc6d5f82cd5312ffb8abc92e76633baf231bbbcb2decb"