mirror of
https://git.yoctoproject.org/poky
synced 2026-07-15 15:37:03 +00:00
python3: fix CVE-2025-6075
If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-6075 Upstream-patch: https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742 (From OE-Core rev: 5313fa5236cd3943f90804de2af81358971894bc) Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
committed by
Steve Sakoman
parent
adc9e377c8
commit
792947d444
@@ -34,6 +34,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
|
||||
file://0001-test_deadlock-skip-problematic-test.patch \
|
||||
file://0001-test_active_children-skip-problematic-test.patch \
|
||||
file://0001-test_readline-skip-limited-history-test.patch \
|
||||
file://CVE-2025-6075.patch \
|
||||
"
|
||||
|
||||
SRC_URI:append:class-native = " \
|
||||
|
||||
Reference in New Issue
Block a user