From: Adrian Bunk <bunk@stusta.de>
To: openembedded-core@lists.openembedded.org
Subject: [warrior][PATCH] python/python3: Whitelist CVE-2019-18348
Date: Fri, 17 Jan 2020 19:04:21 +0200 [thread overview]
Message-ID: <20200117170423.2990-2-bunk@stusta.de> (raw)
In-Reply-To: <20200117170423.2990-1-bunk@stusta.de>
This is not exploitable when glibc has CVE-2016-10739 fixed,
which is fixed in the upstream version since warrior.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/recipes-devtools/python/python.inc | 3 +++
meta/recipes-devtools/python/python3_3.7.5.bb | 3 +++
2 files changed, 6 insertions(+)
diff --git a/meta/recipes-devtools/python/python.inc b/meta/recipes-devtools/python/python.inc
index 5d280dc63b..a2424a67bf 100644
--- a/meta/recipes-devtools/python/python.inc
+++ b/meta/recipes-devtools/python/python.inc
@@ -29,6 +29,9 @@ CVE_CHECK_WHITELIST += "CVE-2017-18207"
# of Python that cannot really be altered at this point."
CVE_CHECK_WHITELIST += "CVE-2015-5652"
+# This is not exploitable when glibc has CVE-2016-10739 fixed.
+CVE_CHECK_WHITELIST += "CVE-2019-18348"
+
PYTHON_MAJMIN = "2.7"
inherit autotools pkgconfig
diff --git a/meta/recipes-devtools/python/python3_3.7.5.bb b/meta/recipes-devtools/python/python3_3.7.5.bb
index c560c4a29d..c90054d45a 100644
--- a/meta/recipes-devtools/python/python3_3.7.5.bb
+++ b/meta/recipes-devtools/python/python3_3.7.5.bb
@@ -46,6 +46,9 @@ UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
CVE_PRODUCT = "python"
+# This is not exploitable when glibc has CVE-2016-10739 fixed.
+CVE_CHECK_WHITELIST += "CVE-2019-18348"
+
PYTHON_MAJMIN = "3.7"
PYTHON_BINABI = "${PYTHON_MAJMIN}m"
--
2.17.1
next prev parent reply other threads:[~2020-01-17 17:04 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-17 17:04 [warrior][PATCH] python: Whitelist CVE-2017-17522 CVE-2017-18207 CVE-2015-5652 Adrian Bunk
2020-01-17 17:04 ` Adrian Bunk [this message]
2020-01-17 17:04 ` [warrior][PATCH] python3: Upgrade 3.7.5 -> 3.7.6 Adrian Bunk
2020-01-17 17:04 ` [warrior][PATCH] python3: RDEPEND on libgcc Adrian Bunk
2020-01-17 17:34 ` ✗ patchtest: failure for python: Whitelist CVE-2017-17522 CVE-2017-18207 CVE-2015-5652 (rev4) Patchwork
2020-01-17 17:34 ` ✗ patchtest: failure for python: Whitelist CVE-2017-17522 CVE-2017-18207 CVE-2015-5652 (rev6) Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200117170423.2990-2-bunk@stusta.de \
--to=bunk@stusta.de \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.