git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
python3-setuptools: fix for CVE-2022-40897
author Narpat Mali <narpat.mali@windriver.com>
Tue, 10 Jan 2023 08:18:05 +0000 (08:18 +0000)
committer Steve Sakoman <steve@sakoman.com>
Mon, 16 Jan 2023 14:41:29 +0000 (04:41 -1000)
commit f574d8d57ff3fbc38e350e7a90913993081c4fdf
tree 8f8f45c26608ef4f6ba730dcd0b80dba4e6a673f
parent 4cb3874abf4fdeb04337a48a14c765ba9b2269d4
python3-setuptools: fix for CVE-2022-40897

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers
to cause a denial of service via HTML in a crafted package or custom PackageIndex
page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

CVE: CVE-2022-40897

Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be]

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch [new file with mode: 0644]
meta/recipes-devtools/python/python3-setuptools_59.5.0.bb