[dunfell,02/22] python3: ignore CVE-2023-36632

Message ID	b66a677b76c7f15eb5c426f8dc7ac42e1e2e3f40.1691961051.git.steve@sakoman.com
State	Accepted, archived
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.215.171, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 02/22] python3: ignore CVE-2023-36632 Date: Sun, 13 Aug 2023 11:18:08 -1000 Message-Id: <b66a677b76c7f15eb5c426f8dc7ac42e1e2e3f40.1691961051.git.steve@sakoman.com> In-Reply-To: <cover.1691961051.git.steve@sakoman.com> References: <cover.1691961051.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[dunfell,01/22] ruby/cgi-gem: CVE-2021-33621 HTTP response splitting in CGI \| expand [dunfell,01/22] ruby/cgi-gem: CVE-2021-33621 HTTP response splitting in CGI [dunfell,02/22] python3: ignore CVE-2023-36632 [dunfell,03/22] libjpeg-turbo: patch CVE-2023-2804 [dunfell,04/22] go: fix CVE-2023-29406 net/http: insufficient sanitization of Host header [dunfell,05/22] libarchive: ignore CVE-2023-30571 [dunfell,06/22] libpcre2: patch CVE-2022-41409 [dunfell,07/22] tiff: fix multiple CVEs [dunfell,08/22] tiff: fix multiple CVEs [dunfell,09/22] dmidecode 3.2: Fix CVE-2023-30630 [dunfell,10/22] qemu: CVE-ID correction for CVE-2020-35505 [dunfell,11/22] qemu:fix CVE-2023-3354 VNC: improper I/O watch removal in TLS handshake can lead to… [dunfell,12/22] ghostscript: backport fix for CVE-2023-38559 [dunfell,13/22] procps: patch CVE-2023-4016 [dunfell,14/22] cve-update-nvd2-native: always pass str for json.loads() [dunfell,15/22] harfbuzz: Resolve backported commit bug. [dunfell,16/22] linux-yocto/5.4: update to v5.4.249 [dunfell,17/22] linux-yocto/5.4: update to v5.4.250 [dunfell,18/22] linux-yocto/5.4: update to v5.4.251 [dunfell,19/22] openssl: Upgrade 1.1.1t -> 1.1.1v [dunfell,20/22] linux-firmware: Fix mediatek mt7601u firmware path [dunfell,21/22] systemd-systemctl: fix errors in instance name expansion [dunfell,22/22] kernel: skip installing fitImage when using Initramfs bundles

Message ID

b66a677b76c7f15eb5c426f8dc7ac42e1e2e3f40.1691961051.git.steve@sakoman.com

State

Accepted, archived

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 02/22] python3: ignore CVE-2023-36632
Date: Sun, 13 Aug 2023 11:18:08 -1000
Message-Id: 
 <b66a677b76c7f15eb5c426f8dc7ac42e1e2e3f40.1691961051.git.steve@sakoman.com>
In-Reply-To: <cover.1691961051.git.steve@sakoman.com>
References: <cover.1691961051.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[dunfell,01/22] ruby/cgi-gem: CVE-2021-33621 HTTP response splitting in CGI | expand

Commit Message

Steve Sakoman Aug. 13, 2023, 9:18 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

This CVE shouldn't have been filed as the "exploit" is described in the
documentation as how the library behaves.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c652f094d86c4efb7ff99accba63b8169493ab18)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/python/python3_3.8.17.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-devtools/python/python3_3.8.17.bb b/meta/recipes-devtools/python/python3_3.8.17.bb
index 8c00d65794..00c4ff497a 100644
--- a/meta/recipes-devtools/python/python3_3.8.17.bb
+++ b/meta/recipes-devtools/python/python3_3.8.17.bb
@@ -61,6 +61,8 @@  CVE_CHECK_WHITELIST += "CVE-2020-15523 CVE-2022-26488"
 # The mailcap module is insecure by design, so this can't be fixed in a meaningful way.
 # The module will be removed in the future and flaws documented.
 CVE_CHECK_WHITELIST += "CVE-2015-20107"
+# Not an issue, in fact expected behaviour
+CVE_CHECK_WHITELIST += "CVE-2023-36632"
 
 PYTHON_MAJMIN = "3.8"

[dunfell,02/22] python3: ignore CVE-2023-36632

Commit Message

Patch