* [PATCH] python: Whitelist CVE-2017-17522 CVE-2017-18207 CVE-2015-5652 @ 2019-12-05 19:28 Adrian Bunk 2019-12-05 19:28 ` [PATCH] python/python3: Whitelist CVE-2019-18348 Adrian Bunk 2019-12-05 19:32 ` ✗ patchtest: failure for python: Whitelist CVE-2017-17522 CVE-2017-18207 CVE-2015-5652 (rev2) Patchwork 0 siblings, 2 replies; 3+ messages in thread From: Adrian Bunk @ 2019-12-05 19:28 UTC (permalink / raw) To: openembedded-core One Windows-only CVE that cannot be fixed, and two CVEs where upstream agreement is that they are not vulnerabilities. Signed-off-by: Adrian Bunk <bunk@stusta.de> --- meta/recipes-devtools/python/python.inc | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/meta/recipes-devtools/python/python.inc b/meta/recipes-devtools/python/python.inc index a630c26e89..110ec315d9 100644 --- a/meta/recipes-devtools/python/python.inc +++ b/meta/recipes-devtools/python/python.inc @@ -19,6 +19,16 @@ UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>2(\.\d+)+).tar" CVE_PRODUCT = "python" +# Upstream agreement is that these are not security issues: +# https://bugs.python.org/issue32367 +CVE_CHECK_WHITELIST += "CVE-2017-17522" +# https://bugs.python.org/issue32056 +CVE_CHECK_WHITELIST += "CVE-2017-18207" + +# Windows-only, "It was determined that this is a longtime behavior +# of Python that cannot really be altered at this point." +CVE_CHECK_WHITELIST += "CVE-2015-5652" + PYTHON_MAJMIN = "2.7" inherit autotools pkgconfig -- 2.17.1 ^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH] python/python3: Whitelist CVE-2019-18348 2019-12-05 19:28 [PATCH] python: Whitelist CVE-2017-17522 CVE-2017-18207 CVE-2015-5652 Adrian Bunk @ 2019-12-05 19:28 ` Adrian Bunk 2019-12-05 19:32 ` ✗ patchtest: failure for python: Whitelist CVE-2017-17522 CVE-2017-18207 CVE-2015-5652 (rev2) Patchwork 1 sibling, 0 replies; 3+ messages in thread From: Adrian Bunk @ 2019-12-05 19:28 UTC (permalink / raw) To: openembedded-core This is not exploitable when glibc has CVE-2016-10739 fixed, which is fixed in the upstream version since warrior. Signed-off-by: Adrian Bunk <bunk@stusta.de> --- meta/recipes-devtools/python/python.inc | 3 +++ meta/recipes-devtools/python/python3_3.7.5.bb | 3 +++ 2 files changed, 6 insertions(+) diff --git a/meta/recipes-devtools/python/python.inc b/meta/recipes-devtools/python/python.inc index 110ec315d9..19a2f3e743 100644 --- a/meta/recipes-devtools/python/python.inc +++ b/meta/recipes-devtools/python/python.inc @@ -29,6 +29,9 @@ CVE_CHECK_WHITELIST += "CVE-2017-18207" # of Python that cannot really be altered at this point." CVE_CHECK_WHITELIST += "CVE-2015-5652" +# This is not exploitable when glibc has CVE-2016-10739 fixed. +CVE_CHECK_WHITELIST += "CVE-2019-18348" + PYTHON_MAJMIN = "2.7" inherit autotools pkgconfig diff --git a/meta/recipes-devtools/python/python3_3.7.5.bb b/meta/recipes-devtools/python/python3_3.7.5.bb index 57eaaea5e7..da991f5139 100644 --- a/meta/recipes-devtools/python/python3_3.7.5.bb +++ b/meta/recipes-devtools/python/python3_3.7.5.bb @@ -47,6 +47,9 @@ UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar" CVE_PRODUCT = "python" +# This is not exploitable when glibc has CVE-2016-10739 fixed. +CVE_CHECK_WHITELIST += "CVE-2019-18348" + PYTHON_MAJMIN = "3.7" PYTHON_BINABI = "${PYTHON_MAJMIN}m" -- 2.17.1 ^ permalink raw reply related [flat|nested] 3+ messages in thread
* ✗ patchtest: failure for python: Whitelist CVE-2017-17522 CVE-2017-18207 CVE-2015-5652 (rev2) 2019-12-05 19:28 [PATCH] python: Whitelist CVE-2017-17522 CVE-2017-18207 CVE-2015-5652 Adrian Bunk 2019-12-05 19:28 ` [PATCH] python/python3: Whitelist CVE-2019-18348 Adrian Bunk @ 2019-12-05 19:32 ` Patchwork 1 sibling, 0 replies; 3+ messages in thread From: Patchwork @ 2019-12-05 19:32 UTC (permalink / raw) To: Adrian Bunk; +Cc: openembedded-core == Series Details == Series: python: Whitelist CVE-2017-17522 CVE-2017-18207 CVE-2015-5652 (rev2) Revision: 2 URL : https://patchwork.openembedded.org/series/21468/ State : failure == Summary == Thank you for submitting this patch series to OpenEmbedded Core. This is an automated response. Several tests have been executed on the proposed series by patchtest resulting in the following failures: * Issue Series does not apply on top of target branch [test_series_merge_on_head] Suggested fix Rebase your series on top of targeted branch Targeted branch master (currently at afb8d45636) If you believe any of these test results are incorrect, please reply to the mailing list (openembedded-core@lists.openembedded.org) raising your concerns. Otherwise we would appreciate you correcting the issues and submitting a new version of the patchset if applicable. Please ensure you add/increment the version number when sending the new version (i.e. [PATCH] -> [PATCH v2] -> [PATCH v3] -> ...). --- Guidelines: https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-12-05 19:32 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2019-12-05 19:28 [PATCH] python: Whitelist CVE-2017-17522 CVE-2017-18207 CVE-2015-5652 Adrian Bunk 2019-12-05 19:28 ` [PATCH] python/python3: Whitelist CVE-2019-18348 Adrian Bunk 2019-12-05 19:32 ` ✗ patchtest: failure for python: Whitelist CVE-2017-17522 CVE-2017-18207 CVE-2015-5652 (rev2) Patchwork
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.