diff options
author | Tudor Florea <tudor.florea@enea.com> | 2015-07-07 00:42:39 +0200 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2015-07-07 00:42:39 +0200 |
commit | 34e5a4f013f8bd0158a984bf5ed5b10ca4c1a263 (patch) | |
tree | fb55d1ceeff0f05543ffda6714d9a726fc96b28b /meta/recipes-devtools/python/python_2.7.3.bb | |
parent | d5775b10e9b8a611c52607aca97dcd6f4365603f (diff) | |
download | poky-34e5a4f013f8bd0158a984bf5ed5b10ca4c1a263.tar.gz |
python: Backport CVE-2013-1752 fix from upstream
This back ported patch fixes CVE-2013-1752 for httplib
References:
http://bugs.python.org/issue16037
https://access.redhat.com/security/cve/CVE-2013-1752
The httplib module / package can read arbitrary amounts of data
from its socket when it's parsing the HTTP header. This may lead
to issues when a user connects to a broken HTTP server or
something that isn't a HTTP at all
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'meta/recipes-devtools/python/python_2.7.3.bb')
-rw-r--r-- | meta/recipes-devtools/python/python_2.7.3.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python_2.7.3.bb b/meta/recipes-devtools/python/python_2.7.3.bb index 0d9ca456fe..bde7a70cf7 100644 --- a/meta/recipes-devtools/python/python_2.7.3.bb +++ b/meta/recipes-devtools/python/python_2.7.3.bb | |||
@@ -39,6 +39,7 @@ SRC_URI += "\ | |||
39 | file://json-flaw-CVE-2014-4616.patch \ | 39 | file://json-flaw-CVE-2014-4616.patch \ |
40 | file://python2.7.3-nossl3.patch \ | 40 | file://python2.7.3-nossl3.patch \ |
41 | file://python-2.7.3-CVE-2014-7185.patch \ | 41 | file://python-2.7.3-CVE-2014-7185.patch \ |
42 | file://python-2.7.3-CVE-2013-1752-httplib-fix.patch \ | ||
42 | " | 43 | " |
43 | 44 | ||
44 | S = "${WORKDIR}/Python-${PV}" | 45 | S = "${WORKDIR}/Python-${PV}" |