mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-01-12 03:24:08 +00:00
Code Issues Projects Releases Wiki Activity
23,603 Commits 63 Branches 0 Tags
65523c22aaed162ac4b0579bdaf44533951ccb71
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Jiaying Song 65523c22aa python3-aiohttp: fix CVE-2024-42367 
aiohttp is an asynchronous HTTP client/server framework for asyncio and
Python. Prior to version 3.10.2, static routes which contain files with
compressed variants (`.gz` or `.br` extension) are vulnerable to path
traversal outside the root directory if those variants are symbolic
links. The server protects static routes from path traversal outside the
root directory when `follow_symlinks=False` (default). It does this by
resolving the requested URL to an absolute path and then checking that
path relative to the root. However, these checks are not performed when
looking for compressed variants in the `FileResponse` class, and
symbolic links are then automatically followed when performing the
`Path.stat()` and `Path.open()` to send the file. Version 3.10.2
contains a patch for the issue.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-42367
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jwhx-xcg6-8xhj

Upstream patch:
ce2e975881

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-02 20:36:23 -04:00
contrib
pw-am.sh: update to new patcwork system
2022-02-28 08:39:26 -08:00
meta-filesystems
ntfs-3g-ntfsprogs: fix CVE-2023-52890
2024-12-08 15:02:11 -05:00
meta-gnome
libgsf: Upgrade 1.14.49 -> 1.14.53
2024-12-08 15:04:56 -05:00
meta-initramfs
grubby: Update branchname to match upstream
2023-11-03 10:49:37 -04:00
meta-multimedia
packagegroup-meta-multimedia: Remove library only packages from rdeps
2025-01-01 09:13:52 -05:00
meta-networking
proftpd: Fix CVE-2024-57392
2025-07-02 20:30:13 -04:00
meta-oe
postgresql: upgrade 14.17 -> 14.18
2025-07-02 20:31:21 -04:00
meta-perl
meta-perl: Drop broken BBCLASSEXTEND variants
2023-11-17 10:48:51 -05:00
meta-python
python3-aiohttp: fix CVE-2024-42367
2025-07-02 20:36:23 -04:00
meta-webserver
nginx: fix CVE-2025-23419
2025-03-06 09:48:58 -05:00
meta-xfce
xfce-dusk-gtk3: fix do_fetch error
2025-03-29 14:24:38 -04:00
.gitignore
.gitignore: add *.pyc and *.pyo
2019-06-15 16:45:33 -07:00
COPYING.MIT
add README and license for this layer
2011-02-13 16:47:32 +01:00
README
meta-openemnedded: Add myself as kirkstone maintainer
2022-04-23 17:14:31 -07:00

README 

Collection of layers for the OE-core universe

Main layer maintainer: Armin Kuster <akuster808@gmail.com>

This repository is a collection of layers to suppliment OE-Core
with additional packages, Each layer have designated maintainer
Please see the respective READMEs in the layer subdirectories
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 115 MiB
Languages
BitBake 84.3%
Shell 6.4%
C 3.1%
Roff 2.3%
NASL 2%
Other 1.8%