python3-mako: backport fix for CVE-2022-40023 - linux/poky.git

diff options

author	Narpat Mali <narpat.mali@windriver.com>	2022-11-10 22:18:06 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-11-20 08:19:17 +0000
commit	848be11a4390bd39323c9feaf2fe880e2b41f99c (patch)
tree	0168669551a6bfecc3171390b4bf830a1a3442b9 /scripts/lib
parent	52e9ab5da1f445266c94b0c6432ddc2747fdc2c0 (diff)
download	poky-848be11a4390bd39323c9feaf2fe880e2b41f99c.tar.gz

python3-mako: backport fix for CVE-2022-40023

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-40023 Reference to Upstream Patch: https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c (From OE-Core rev: 34727812b54fd52f85806f4f95702286d551b5fd) Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: