diff options
| author | Lee Chee Yang <chee.yang.lee@intel.com> | 2020-11-18 21:22:26 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-11-24 10:27:45 +0000 |
| commit | 5e8acd1a4ea95ea5485c6beb0e00fbbbe650466d (patch) | |
| tree | d06534b23f73c8b53da2dde856e0d53fe983f69b | |
| parent | e05d37ec898ddad62c31bfe488b26b512f8182be (diff) | |
| download | poky-5e8acd1a4ea95ea5485c6beb0e00fbbbe650466d.tar.gz | |
python3: whitelist CVE-2020-15523
This CVE is issue on _Py_CheckPython3 uses uninitialized dllpath when embedder sets module path with Py_SetPath.
Since it is .dll issue (on windows only), hence whitelist it.
https://bugs.python.org/issue29778
(From OE-Core rev: 4ceb08bfe6c6dca486040f39d58b285c37d3bc91)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-devtools/python/python3_3.9.0.bb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python3_3.9.0.bb b/meta/recipes-devtools/python/python3_3.9.0.bb index ae9a974f04..d29a779a81 100644 --- a/meta/recipes-devtools/python/python3_3.9.0.bb +++ b/meta/recipes-devtools/python/python3_3.9.0.bb | |||
| @@ -49,6 +49,9 @@ CVE_PRODUCT = "python" | |||
| 49 | # This is not exploitable when glibc has CVE-2016-10739 fixed. | 49 | # This is not exploitable when glibc has CVE-2016-10739 fixed. |
| 50 | CVE_CHECK_WHITELIST += "CVE-2019-18348" | 50 | CVE_CHECK_WHITELIST += "CVE-2019-18348" |
| 51 | 51 | ||
| 52 | # This is windows only issue. | ||
| 53 | CVE_CHECK_WHITELIST += "CVE-2020-15523" | ||
| 54 | |||
| 52 | PYTHON_MAJMIN = "3.9" | 55 | PYTHON_MAJMIN = "3.9" |
| 53 | 56 | ||
| 54 | S = "${WORKDIR}/Python-${PV}" | 57 | S = "${WORKDIR}/Python-${PV}" |