| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | python3-git: fix indent error | Kai Kang | 2023-03-23 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | It fails to import anything from git/remote.py: File "/path_to/python3-git-native/3.1.27-r0/GitPython-3.1.27/git/remote.py", line 700 url = Git.polish_url(url) ^ IndentationError: unexpected indent (From OE-Core rev: 48633d8920210e55e0b9ee3004f0502f9f0eec48) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | ||||
| * | python3-git: fix for CVE-2022-24439 | Narpat Mali | 2023-01-26 | 2 | -0/+585 |
| All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. CVE: CVE-2022-24439 Upstream-Status: Backport Reference: https://github.com/gitpython-developers/GitPython/discussions/1529 https://github.com/gitpython-developers/GitPython/pull/1518 https://github.com/gitpython-developers/GitPython/pull/1521 (From OE-Core rev: 55f93e3786290dfa5ac72b5969bb2793f6a98bde) Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | |||||
 |
index : linux/poky.git | |
| Mirror of git.yoctoproject.org/poky | N/A |
| summaryrefslogtreecommitdiffstats |