author: Soumya Sambu <soumya.sambu@windriver.com> 2024-09-01 17:17:26 +0000
committer: Steve Sakoman <steve@sakoman.com> 2024-09-09 06:08:10 -0700
commit: 67aa29393db111a67b64f3394a0c490c33946c02
tree: 950ce8741e9947608ee72ef3cedaa10b500479bb /meta/recipes-devtools/python/python3
parent: 8637aa34f0009421eb6c51a93588fe879950e1f4
python3-setuptools: Fix CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-6345

Upstream-patch:
https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0

(From OE-Core rev: 468c5a4e12b9d38768b00151c55fd27b2b504f3b)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/python/python3')
0 files changed, 0 insertions, 0 deletions