mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-30 00:20:08 +00:00
Code Issues Projects Releases Wiki Activity

python3-setuptools: fix for CVE-2022-40897

Browse Source 
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers
to cause a denial of service via HTML in a crafted package or custom PackageIndex
page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

CVE: CVE-2022-40897

Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be]

(From OE-Core rev: f574d8d57ff3fbc38e350e7a90913993081c4fdf)

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Narpat Mali
2023-01-10 08:18:05 +00:00
committed by Richard Purdie
parent da271d70f0
commit 92b150b9f3
2 changed files with 32 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-devtools/python/python3-setuptools_59.5.0.bb
+1
View File
@@ -11,6 +11,7 @@ SRC_URI:append:class-native = " file://0001-conditionally-do-not-fetch-code-by-e
SRC_URI += "\
file://0001-change-shebang-to-python3.patch \
file://0001-_distutils-sysconfig-append-STAGING_LIBDIR-python-sy.patch \
file://0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch \
"
SRC_URI[sha256sum] = "d144f85102f999444d06f9c0e8c737fd0194f10f2f7e5fdb77573f6e2fa4fad0"