git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
python3-setuptools: fix for CVE-2022-40897
author Narpat Mali <narpat.mali@windriver.com>
Thu, 23 Mar 2023 13:39:07 +0000 (21:39 +0800)
committer Steve Sakoman <steve@sakoman.com>
Wed, 29 Mar 2023 15:41:20 +0000 (05:41 -1000)
commit f2230ead6c145efc902336b2b9d5a4f0ecb749de
tree db04ebd4ed3806ac7e0fcaa60ebc8edd72a0d8ab
parent a0ef4386d37f84e8f169cbe3cfa9307010b89bbd
python3-setuptools: fix for CVE-2022-40897

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers
to cause a denial of service via HTML in a crafted package or custom PackageIndex
page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

CVE: CVE-2022-40897

Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be]

cherry-pick and modify from OE-Core rev: f574d8d57ff3fbc38e350e7a90913993081c4fdf

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch [new file with mode: 0644]
meta/recipes-devtools/python/python3-setuptools_65.0.2.bb