diff options
| author | Lee Chee Yang <chee.yang.lee@intel.com> | 2020-11-19 19:00:33 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-11-24 13:17:59 +0000 |
| commit | 17d7d64ebe0cba430849ba434fc49923e3d4cb59 (patch) | |
| tree | 137c1b721736c88daa5e17730ca204506ab3555c | |
| parent | 4dfddb155e565744c5b77e683450f040e8c75f11 (diff) | |
| download | poky-17d7d64ebe0cba430849ba434fc49923e3d4cb59.tar.gz | |
python3: whitelist CVE-2020-15523
This CVE is issue on _Py_CheckPython3 uses uninitialized dllpath when embedder sets module path with Py_SetPath.
Since it is .dll issue (on windows only), hence whitelist it.
https://bugs.python.org/issue29778
(From OE-Core rev: c216431d0704bd8be237e860bbdc32be34a82aee)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-devtools/python/python3_3.8.2.bb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python3_3.8.2.bb b/meta/recipes-devtools/python/python3_3.8.2.bb index 758ed87546..5f7901dbf2 100644 --- a/meta/recipes-devtools/python/python3_3.8.2.bb +++ b/meta/recipes-devtools/python/python3_3.8.2.bb | |||
| @@ -54,6 +54,9 @@ CVE_PRODUCT = "python" | |||
| 54 | # This is not exploitable when glibc has CVE-2016-10739 fixed. | 54 | # This is not exploitable when glibc has CVE-2016-10739 fixed. |
| 55 | CVE_CHECK_WHITELIST += "CVE-2019-18348" | 55 | CVE_CHECK_WHITELIST += "CVE-2019-18348" |
| 56 | 56 | ||
| 57 | # This is windows only issue. | ||
| 58 | CVE_CHECK_WHITELIST += "CVE-2020-15523" | ||
| 59 | |||
| 57 | PYTHON_MAJMIN = "3.8" | 60 | PYTHON_MAJMIN = "3.8" |
| 58 | 61 | ||
| 59 | S = "${WORKDIR}/Python-${PV}" | 62 | S = "${WORKDIR}/Python-${PV}" |