* [Buildroot] CVE-2024-6232 version range fix
@ 2024-12-31 11:02 Thomas Petazzoni via buildroot
0 siblings, 0 replies; only message in thread
From: Thomas Petazzoni via buildroot @ 2024-12-31 11:02 UTC (permalink / raw)
To: nvd; +Cc: buildroot@buildroot.org
Dear NVD maintainers,
CVE-2024-6232 reported against Python is documented at
https://nvd.nist.gov/vuln/detail/CVE-2024-6232 as affecting
all versions of Python prior to 3.12.5.
However, the fix for this issue has been backported to maintained
versions of Python, which means some versions numerically before 3.12.5
are NOT affected.
Namely:
* https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
is the fix that was backported to the 3.11.x branch of Python, and is
part of Python 3.11.10, so every version 3.11.x >= 3.11.10 are not affected.
* https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
is the fix that was backported to the 3.10.x branch of Python, and is
part of Python 3.10.15, so every version 3.10.x >= 3.10.15 are not
affected.
Would it be possible to adjust the CVE entry accordingly?
Thanks a lot!
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-12-31 11:02 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-12-31 11:02 [Buildroot] CVE-2024-6232 version range fix Thomas Petazzoni via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox