Message ID | 20221118114915.608215-1-narpat.mali@windriver.com |
---|---|
State | Under Review |
Delegated to: | Armin Kuster |
Headers | show |
Series | [meta-openembedded,kirkstone,1/1] python3-oauthlib: upgrade 3.2.0 -> 3.2.2 | expand |
diff --git a/meta-python/recipes-devtools/python/python3-oauthlib_3.2.0.bb b/meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb similarity index 92% rename from meta-python/recipes-devtools/python/python3-oauthlib_3.2.0.bb rename to meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb index e7f7f0b47..566279d71 100644 --- a/meta-python/recipes-devtools/python/python3-oauthlib_3.2.0.bb +++ b/meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb @@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/idan/oauthlib" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=abd2675e944a2011aed7e505290ba482" -SRC_URI[sha256sum] = "23a8208d75b902797ea29fd31fa80a15ed9dc2c6c16fe73f5d346f83f6fa27a2" +SRC_URI[sha256sum] = "9859c40929662bec5d64f34d01c99e093149682a3f38915dc0655d5a633dd918" inherit pypi setuptools3
As per CVE reference, version 3.2.1 fixes the CVE-2022-36087 issue. But after upgrading the python3-oauthlib version to 3.2.1, observed that the vulnerable code lines are still available. The same observations were reported here in github at https://github.com/oauthlib/oauthlib/issues/837 and found that it was a mistake during 3.2.1 release preparation and due to which vulnerable code was still existing in 3.2.1 source code. To fix CVE-2022-36087 issue, we need to upgrade python3-oauthlib to 3.2.2 version and here are the changelog of version 3.2.2 https://github.com/oauthlib/oauthlib/blob/v3.2.2/CHANGELOG.rst Reference : https://nvd.nist.gov/vuln/detail/CVE-2022-36087 Upstream fix : https://github.com/oauthlib/oauthlib/commit/2e40b412c844ecc4673c3fa3f72181f228bdbacd Signed-off-by: Narpat Mali <narpat.mali@windriver.com> --- .../{python3-oauthlib_3.2.0.bb => python3-oauthlib_3.2.2.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-oauthlib_3.2.0.bb => python3-oauthlib_3.2.2.bb} (92%)