<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-python/recipes-devtools/python/python3-sqlparse_0.4.2.bb, branch kirkstone-next</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone-next</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone-next'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2025-01-23T00:29:37+00:00</updated>
<entry>
<title>python3-sqlparse: Fix CVE-2024-4340</title>
<updated>2025-01-23T00:29:37+00:00</updated>
<author>
<name>Soumya Sambu</name>
<email>soumya.sambu@windriver.com</email>
</author>
<published>2025-01-20T04:32:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=de8681b4a2a101b99dd2c48d89a7de2ccd9a961f'/>
<id>urn:sha1:de8681b4a2a101b99dd2c48d89a7de2ccd9a961f</id>
<content type='text'>
Passing a heavily nested list to sqlparse.parse() leads to a Denial
of Service due to RecursionError.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-4340

Upstream-patch:
https://github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b42a2cf03

Signed-off-by: Soumya Sambu &lt;soumya.sambu@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>python3-sqlparse: fix for CVE-2023-30608</title>
<updated>2023-06-17T17:50:19+00:00</updated>
<author>
<name>Narpat Mali</name>
<email>narpat.mali@windriver.com</email>
</author>
<published>2023-05-31T15:23:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=420acd8735dd5d3bd0751928b65b87b94ede2b0c'/>
<id>urn:sha1:420acd8735dd5d3bd0751928b65b87b94ede2b0c</id>
<content type='text'>
sqlparse is a non-validating SQL parser module for Python. In affected
versions the SQL parser contains a regular expression that is vulnerable
to ReDoS (Regular Expression Denial of Service). This issue was introduced
by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS).
This issue has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users
are advised to upgrade. There are no known workarounds for this issue.

Signed-off-by: Narpat Mali &lt;narpat.mali@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>python3-sqlparse: upgrade 0.4.1 -&gt; 0.4.2</title>
<updated>2021-09-27T18:34:15+00:00</updated>
<author>
<name>zangrc</name>
<email>zangrc.fnst@fujitsu.com</email>
</author>
<published>2021-09-24T20:25:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=8906fbe1719b18adbba7f445e5c24d5eb30d11a0'/>
<id>urn:sha1:8906fbe1719b18adbba7f445e5c24d5eb30d11a0</id>
<content type='text'>
Release 0.4.2 (Sep 10, 2021)
----------------------------

Notable Changes

* IMPORTANT: This release fixes a security vulnerability in the
  strip comments filter. In this filter a regular expression that was
  vulnerable to ReDOS (Regular Expression Denial of Service) was
  used. See the security advisory for details: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf
  The vulnerability was discovered by @erik-krogh and @yoff from
  GitHub Security Lab (GHSL). Thanks for reporting!

Enhancements

* Add ELSIF as keyword (issue584).
* Add CONFLICT and ON_ERROR_STOP keywords (pr595, by j-martin).

Bug Fixes

* Fix parsing of backticks (issue588).
* Fix parsing of scientific number (issue399).

Signed-off-by: Zang Ruochen &lt;zangrc.fnst@fujitsu.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Trevor Gamblin &lt;trevor.gamblin@windriver.com&gt;
</content>
</entry>
</feed>
