python3: Fix CVE-2024-7592 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2024-09-03 12:50:34 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-09-09 06:08:10 -0700
commit	9541ad965035b28697b8df400d7b9bddc4d2519a (patch)
tree	fc357bcda13bcc939c260c7ad7ed9f4c9c8a3655 /meta/recipes-devtools/python/python3/python3-manifest.json
parent	67aa29393db111a67b64f3394a0c490c33946c02 (diff)
download	poky-9541ad965035b28697b8df400d7b9bddc4d2519a.tar.gz

python3: Fix CVE-2024-7592

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. References: https://nvd.nist.gov/vuln/detail/CVE-2024-7592 Upstream-Patch: https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1 (From OE-Core rev: 3bb9684eef5227e7b1280ee9051884310b0d0b7f) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta/recipes-devtools/python/python3/python3-manifest.json')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: