mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-03-25 15:08:47 +00:00
Code Issues Projects Releases Wiki Activity
37,562 Commits 63 Branches 0 Tags
69e42c4fbd164ad7e63b92869e6ac5ff2ccc8b92
Commit Graph

2 Commits

Author SHA1 Message Date
Gyorgy Sarvari
001d503fe7 python3-nltk: mark CVE-2026-0846 patched 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0846

It has been fixed in version 3.9.3, however NVD tracks it
without CPE/version info.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2026-03-18 14:33:28 -07:00
Gyorgy Sarvari
14d464c150 python3-nltk: upgrade 3.9.2 -> 3.9.3 
Contains fix for CVE-2026-14009.

Changelog:
* Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader
* Block path traversal/arbitrary reads in nltk.data for protocol-less refs
* Block path traversal/abs paths in corpus readers and FS pointers
* Validate external StanfordSegmenter JARs using SHA256
* Add optional sandbox enforcement for filestring()
* Maintenance: downloader/zipped models, CI/tooling updates

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2026-02-24 22:30:31 -08:00