diff mbox series

[kirkstone,02/34] python3: ignore CVE-2015-20107

Message ID	f525745af38b0e5ea26693849cd4f19c627efd46.1651246310.git.steve@sakoman.com
State	Accepted, archived
Commit	f525745af38b0e5ea26693849cd4f19c627efd46
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.215.177, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/34] python3: ignore CVE-2015-20107 Date: Fri, 29 Apr 2022 06:00:21 -1000 Message-Id: <f525745af38b0e5ea26693849cd4f19c627efd46.1651246310.git.steve@sakoman.com> In-Reply-To: <cover.1651246310.git.steve@sakoman.com> References: <cover.1651246310.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/34] e2fsprogs: fix CVE-2022-1304 \| expand [kirkstone,01/34] e2fsprogs: fix CVE-2022-1304 [kirkstone,02/34] python3: ignore CVE-2015-20107 [kirkstone,03/34] cve_check: skip remote patches that haven't been fetched when searching for CVE t… [kirkstone,04/34] apt: upgrade 2.4.4 -> 2.4.5 [kirkstone,05/34] subversion: upgrade to 1.14.2 [kirkstone,06/34] glib: upgrade 2.72.0 -> 2.72.1 [kirkstone,07/34] glibc: ptest: Fix glibc-tests package issue [kirkstone,08/34] seatd: Disable overflow warning as error on ppc64/musl [kirkstone,09/34] package.bbclass: Prevent perform_packagecopy from removing /sysroot-only [kirkstone,10/34] kernel-yocto.bbclass: Fixup do_kernel_configcheck usage of KMETA [kirkstone,11/34] linux-firmware: correct license for ar3k firmware [kirkstone,12/34] arch-armv8-2a.inc: fix a typo in TUNEVALID variable [kirkstone,13/34] musl: Fix build when usrmerge distro feature is enabled [kirkstone,14/34] gcompat: Fix build when usrmerge distro feature is enabled [kirkstone,15/34] wic: do not use PARTLABEL for msdos partition tables [kirkstone,16/34] libc-glibc: Use libxcrypt to provide virtual/crypt [kirkstone,17/34] qemu.bbclass: Extend ppc/ppc64 extra options [kirkstone,18/34] busybox: Use base_bindir instead of hardcoding /bin path [kirkstone,19/34] gstreamer1.0-plugins-good: Fix libsoup dependency [kirkstone,20/34] gstreamer1.0: Minor documentation addition [kirkstone,21/34] gstreamer1.0-plugins-bad: drop patch [kirkstone,22/34] terminal.py: Restore error output from Terminal [kirkstone,23/34] devshell.bbclass: Allow devshell & pydevshell to use the network [kirkstone,24/34] cases/buildepoxy.py: fix typo [kirkstone,25/34] create-spdx: delete virtual/kernel dependency to fix FreeRTOS build [kirkstone,26/34] go.bbclass: disable the use of the default configuration file [kirkstone,27/34] install/devshell: Introduce git intercept script due to fakeroot issues [kirkstone,28/34] base: Drop git intercept [kirkstone,29/34] bitbake.conf: mark all directories as safe for git to read [kirkstone,30/34] neard: Switch SRC_URI to git repo [kirkstone,31/34] sanity: skip make 4.2.1 warning for debian [kirkstone,32/34] util-linux: Create u-a symlink for findfs utility [kirkstone,33/34] staging: Ensure we filter out ourselves [kirkstone,34/34] libxml2: update patch status

Commit Message

Steve Sakoman April 29, 2022, 4 p.m. UTC

From: Ross Burton <ross.burton@arm.com>

CVE-2015-20107 describes an arbitrary command execution in the mailcap
module, but this is by design in mailcap and needs to be worked around
by the calling application.

Upstream Python will be documenting this flaw in the library reference,
and it is likely that the mailcap module will be deprecated and removed
in the future.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 85fac8408baf92d8b71946f5bfea92952b7eab01)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/python/python3_3.10.4.bb | 3 +++
 1 file changed, 3 insertions(+)

diff mbox series

Patch

diff --git a/meta/recipes-devtools/python/python3_3.10.4.bb b/meta/recipes-devtools/python/python3_3.10.4.bb
index 7eaafe34ad..d678d55083 100644
--- a/meta/recipes-devtools/python/python3_3.10.4.bb
+++ b/meta/recipes-devtools/python/python3_3.10.4.bb
@@ -55,6 +55,9 @@  CVE_CHECK_IGNORE += "CVE-2007-4559"
 CVE_CHECK_IGNORE += "CVE-2019-18348"
 # These are specific to Microsoft Windows
 CVE_CHECK_IGNORE += "CVE-2020-15523 CVE-2022-26488"
+# The mailcap module is insecure by design, so this can't be fixed in a meaningful way.
+# The module will be removed in the future and flaws documented.
+CVE_CHECK_IGNORE += "CVE-2015-20107"
 
 PYTHON_MAJMIN = "3.10"