python3-setuptools: fix for CVE-2022-40897 - linux/poky.git

diff options

author	Narpat Mali <narpat.mali@windriver.com>	2023-03-23 21:39:07 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-04-04 17:46:24 +0100
commit	79dd246cc5b3b40e8af1a8fe72fad0ee872d4041 (patch)
tree	392aefc8b62c0290556c1b80c815ad611bee7c93 /scripts/lib/argparse_oe.py
parent	a7d90a69d90ac980f28dd1783c2c5a849f6dbdc2 (diff)
download	poky-79dd246cc5b3b40e8af1a8fe72fad0ee872d4041.tar.gz

python3-setuptools: fix for CVE-2022-40897

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. CVE: CVE-2022-40897 Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be] cherry-pick and modify from OE-Core rev: f574d8d57ff3fbc38e350e7a90913993081c4fdf (From OE-Core rev: f2230ead6c145efc902336b2b9d5a4f0ecb749de) Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/argparse_oe.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: