From 2ae3d4362871655e76f82de99cb48666aad40c41 Mon Sep 17 00:00:00 2001 From: Hitendra Prajapati Date: Mon, 20 Jun 2022 10:20:09 +0530 Subject: python-pip: CVE-2021-3572 Incorrect handling of unicode separators in git references Source: https://github.com/pypa/pip MR: 113864 Type: Security Fix Disposition: Backport from https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b ChangeID: 717948e217d6219d1f03afb4d984342d7dea4636 Description: CVE-2021-3572 python-pip: Incorrect handling of unicode separators in git references. (From OE-Core rev: 841a8fb5b6351f79a4d756232a544d1a6480c562) Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman Signed-off-by: Richard Purdie --- meta/recipes-devtools/python/python3-pip_20.0.2.bb | 1 + 1 file changed, 1 insertion(+) (limited to 'meta/recipes-devtools/python/python3-pip_20.0.2.bb') diff --git a/meta/recipes-devtools/python/python3-pip_20.0.2.bb b/meta/recipes-devtools/python/python3-pip_20.0.2.bb index 08738fb2f9..e24c6f4477 100644 --- a/meta/recipes-devtools/python/python3-pip_20.0.2.bb +++ b/meta/recipes-devtools/python/python3-pip_20.0.2.bb @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8ba06d529c955048e5ddd7c45459eb2e" DEPENDS += "python3 python3-setuptools-native" +SRC_URI = "file://CVE-2021-3572.patch " SRC_URI[md5sum] = "7d42ba49b809604f0df3d55df1c3fd86" SRC_URI[sha256sum] = "7db0c8ea4c7ea51c8049640e8e6e7fde949de672bfa4949920675563a5a6967f" -- cgit v1.2.3-54-g00ecf