diff options
| author | Dan Andresan <Dan.Andresan@enea.com> | 2018-10-26 12:01:51 +0200 |
|---|---|---|
| committer | Dan Andresan <Dan.Andresan@enea.com> | 2018-10-26 12:01:51 +0200 |
| commit | 429266feedb3eccc450d823d207cb1464c4c43dc (patch) | |
| tree | 863efea1fd3d57b594307a6c36477ca8e1d3506d /recipes-devtools/python/python_2.7.13.bbappend | |
| parent | 5b8928cd5f01d83ae27824bb5d411723cabc3108 (diff) | |
| download | meta-el-common-429266feedb3eccc450d823d207cb1464c4c43dc.tar.gz | |
python: Fix CVEs
CVE: CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061
CVE-2017-1000158 python in the upstream pyro is 2.7.13
CVE-2018-1060 - python in the upstream pyro is 2.7.13
CVE-2018-1061 - python in the upstream pyro is 2.7.13
Reference:
CVE-2017-1000158 https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae
CVE-2018-1060 https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b
CVE-2018-1061 https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b
Change-Id: I09dc5e7d1754c00d4bcdf57b1124370e3d790e5a
Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
Signed-off-by: Adrian Mangeac <adrian.mangeac@enea.com>
Diffstat (limited to 'recipes-devtools/python/python_2.7.13.bbappend')
| -rw-r--r-- | recipes-devtools/python/python_2.7.13.bbappend | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/recipes-devtools/python/python_2.7.13.bbappend b/recipes-devtools/python/python_2.7.13.bbappend new file mode 100644 index 0000000..d7ec5e2 --- /dev/null +++ b/recipes-devtools/python/python_2.7.13.bbappend | |||
| @@ -0,0 +1,7 @@ | |||
| 1 | # look for files in the layer first | ||
| 2 | FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" | ||
| 3 | |||
| 4 | SRC_URI += " \ | ||
| 5 | file://CVE-2017-1000158-2.7-bpo-30657-Check-prevent-integer-overflow-in-PySt.patch \ | ||
| 6 | file://CVE-2018-1060-CVE-2018-1061-2.7-bpo-32981-Fix-catastrophic-backtracking-vulns-GH.patch \ | ||
| 7 | " | ||