meta-openembedded

mirrors/meta-openembedded

Fork 0

mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-01-12 15:31:45 +00:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Narpat Mali	a8369be5ee	python3-oauthlib: upgrade 3.2.0 -> 3.2.2 As per CVE reference, version 3.2.1 fixes the CVE-2022-36087 issue. But after upgrading the python3-oauthlib version to 3.2.1, observed that the vulnerable code lines are still available. The same observations were reported here in github at https://github.com/oauthlib/oauthlib/issues/837 and found that it was a mistake during 3.2.1 release preparation and due to which vulnerable code was still existing in 3.2.1 source code. To fix CVE-2022-36087 issue, we need to upgrade python3-oauthlib to 3.2.2 version and here are the changelog of version 3.2.2 https://github.com/oauthlib/oauthlib/blob/v3.2.2/CHANGELOG.rst Reference : https://nvd.nist.gov/vuln/detail/CVE-2022-36087 Upstream fix : `2e40b412c8` Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>	2022-11-19 11:16:48 -05:00

Narpat Mali

a8369be5ee

python3-oauthlib: upgrade 3.2.0 -> 3.2.2

As per CVE reference, version 3.2.1 fixes the CVE-2022-36087 issue. But after upgrading the python3-oauthlib version
to 3.2.1, observed that the vulnerable code lines are still available. The same observations were reported here in github at
https://github.com/oauthlib/oauthlib/issues/837 and found that it was a mistake during 3.2.1 release preparation and due to
which vulnerable code was still existing in 3.2.1 source code.

To fix CVE-2022-36087 issue, we need to upgrade python3-oauthlib to 3.2.2 version and here are the changelog of version 3.2.2
https://github.com/oauthlib/oauthlib/blob/v3.2.2/CHANGELOG.rst

Reference :
https://nvd.nist.gov/vuln/detail/CVE-2022-36087

Upstream fix :
2e40b412c8

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

2022-11-19 11:16:48 -05:00

1 Commits