* [Buildroot] [PATCH] package/python3: drop CVE-2022-45061 from IGNORE_CVES
@ 2023-09-21 4:11 Daniel Lang
2023-09-21 10:30 ` Thomas Petazzoni via buildroot
2023-09-25 11:59 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Daniel Lang @ 2023-09-21 4:11 UTC (permalink / raw)
To: buildroot; +Cc: James Hilliard, Thomas Petazzoni, Asaf Kahlon
CVE-2022-45061 affects python <= 3.7.15, 3.8.0 through 3.8.15,
3.9.0 through 3.9.15, 3.10.0 through 3.10.8
The mentioned patch was removed in c38de813 when bumping to 3.11.1.
Signed-off-by: Daniel Lang <dalang@gmx.at>
---
package/python3/python3.mk | 3 ---
1 file changed, 3 deletions(-)
diff --git a/package/python3/python3.mk b/package/python3/python3.mk
index 5f8fa5b58d..cfe5e1ee6e 100644
--- a/package/python3/python3.mk
+++ b/package/python3/python3.mk
@@ -13,9 +13,6 @@ PYTHON3_LICENSE_FILES = LICENSE
PYTHON3_CPE_ID_VENDOR = python
PYTHON3_CPE_ID_PRODUCT = python
-# 0033-3.11-gh-98433-Fix-quadratic-time-idna-decoding.-GH-9.patch
-PYTHON3_IGNORE_CVES += CVE-2022-45061
-
# This host Python is installed in $(HOST_DIR), as it is needed when
# cross-compiling third-party Python modules.
--
2.42.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH] package/python3: drop CVE-2022-45061 from IGNORE_CVES
2023-09-21 4:11 [Buildroot] [PATCH] package/python3: drop CVE-2022-45061 from IGNORE_CVES Daniel Lang
@ 2023-09-21 10:30 ` Thomas Petazzoni via buildroot
2023-09-25 11:59 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-09-21 10:30 UTC (permalink / raw)
To: Daniel Lang; +Cc: James Hilliard, Asaf Kahlon, buildroot
On Thu, 21 Sep 2023 06:11:51 +0200
Daniel Lang <dalang@gmx.at> wrote:
> CVE-2022-45061 affects python <= 3.7.15, 3.8.0 through 3.8.15,
> 3.9.0 through 3.9.15, 3.10.0 through 3.10.8
> The mentioned patch was removed in c38de813 when bumping to 3.11.1.
>
> Signed-off-by: Daniel Lang <dalang@gmx.at>
> ---
> package/python3/python3.mk | 3 ---
> 1 file changed, 3 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH] package/python3: drop CVE-2022-45061 from IGNORE_CVES
2023-09-21 4:11 [Buildroot] [PATCH] package/python3: drop CVE-2022-45061 from IGNORE_CVES Daniel Lang
2023-09-21 10:30 ` Thomas Petazzoni via buildroot
@ 2023-09-25 11:59 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2023-09-25 11:59 UTC (permalink / raw)
To: Daniel Lang; +Cc: James Hilliard, Asaf Kahlon, Thomas Petazzoni, buildroot
>>>>> "Daniel" == Daniel Lang <dalang@gmx.at> writes:
> CVE-2022-45061 affects python <= 3.7.15, 3.8.0 through 3.8.15,
> 3.9.0 through 3.9.15, 3.10.0 through 3.10.8
> The mentioned patch was removed in c38de813 when bumping to 3.11.1.
> Signed-off-by: Daniel Lang <dalang@gmx.at>
Committed to 2023.02.x, 2023.05.x and 2023.08.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-09-25 11:59 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-09-21 4:11 [Buildroot] [PATCH] package/python3: drop CVE-2022-45061 from IGNORE_CVES Daniel Lang
2023-09-21 10:30 ` Thomas Petazzoni via buildroot
2023-09-25 11:59 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox