Message ID | 20221010115818.10917-1-thakur.virendra1810@gmail.com |
---|---|
State | New, archived |
Headers | show |
Series | [dunfell] python3: Whitelist CVE-2018-25032 | expand |
Hi Virendra, Please add one space after # in both the comments. On Mon, 10 Oct, 2022, 5:28 pm virendra thakur, < thakur.virendra1810@gmail.com> wrote: > zlib v1.2.11 as used in Windows binary releases contains a security > issue. > Link: https://bugs.python.org/issue47194 > > Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com> > --- > meta/recipes-devtools/python/python3_3.8.13.bb | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/meta/recipes-devtools/python/python3_3.8.13.bb > b/meta/recipes-devtools/python/python3_3.8.13.bb > index d87abe2351..e0e6861677 100644 > --- a/meta/recipes-devtools/python/python3_3.8.13.bb > +++ b/meta/recipes-devtools/python/python3_3.8.13.bb > @@ -62,6 +62,10 @@ CVE_CHECK_WHITELIST += "CVE-2020-15523 CVE-2022-26488" > # The module will be removed in the future and flaws documented. > CVE_CHECK_WHITELIST += "CVE-2015-20107" > > +#zlib v1.2.11 as used in Windows binary releases contains a security issue > +#https://bugs.python.org/issue47194 > +CVE_CHECK_WHITELIST += "CVE-2018-25032" > + > PYTHON_MAJMIN = "3.8" > > S = "${WORKDIR}/Python-${PV}" > -- > 2.17.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#171574): > https://lists.openembedded.org/g/openembedded-core/message/171574 > Mute This Topic: https://lists.openembedded.org/mt/94234436/6360406 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ > ranjitsinhrathod1991@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
While the reasoning is correct that this only applies to Windows, this patch is superseded by upgrading to Python 3.8.14: https://docs.python.org/release/3.8.14/whatsnew/changelog.html#windows bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032. On Mon, Oct 10, 2022 at 8:25 AM Ranjitsinh Rathod < ranjitsinhrathod1991@gmail.com> wrote: > Hi Virendra, > > Please add one space after # in both the comments. > > On Mon, 10 Oct, 2022, 5:28 pm virendra thakur, < > thakur.virendra1810@gmail.com> wrote: > >> zlib v1.2.11 as used in Windows binary releases contains a security >> issue. >> Link: https://bugs.python.org/issue47194 >> >> Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com> >> --- >> meta/recipes-devtools/python/python3_3.8.13.bb | 4 ++++ >> 1 file changed, 4 insertions(+) >> >> diff --git a/meta/recipes-devtools/python/python3_3.8.13.bb >> b/meta/recipes-devtools/python/python3_3.8.13.bb >> index d87abe2351..e0e6861677 100644 >> --- a/meta/recipes-devtools/python/python3_3.8.13.bb >> +++ b/meta/recipes-devtools/python/python3_3.8.13.bb >> @@ -62,6 +62,10 @@ CVE_CHECK_WHITELIST += "CVE-2020-15523 CVE-2022-26488" >> # The module will be removed in the future and flaws documented. >> CVE_CHECK_WHITELIST += "CVE-2015-20107" >> >> +#zlib v1.2.11 as used in Windows binary releases contains a security >> issue >> +#https://bugs.python.org/issue47194 >> +CVE_CHECK_WHITELIST += "CVE-2018-25032" >> + >> PYTHON_MAJMIN = "3.8" >> >> S = "${WORKDIR}/Python-${PV}" >> -- >> 2.17.1 >> >> >> >> >> > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#171577): > https://lists.openembedded.org/g/openembedded-core/message/171577 > Mute This Topic: https://lists.openembedded.org/mt/94234436/924729 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ > ticotimo@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
diff --git a/meta/recipes-devtools/python/python3_3.8.13.bb b/meta/recipes-devtools/python/python3_3.8.13.bb index d87abe2351..e0e6861677 100644 --- a/meta/recipes-devtools/python/python3_3.8.13.bb +++ b/meta/recipes-devtools/python/python3_3.8.13.bb @@ -62,6 +62,10 @@ CVE_CHECK_WHITELIST += "CVE-2020-15523 CVE-2022-26488" # The module will be removed in the future and flaws documented. CVE_CHECK_WHITELIST += "CVE-2015-20107" +#zlib v1.2.11 as used in Windows binary releases contains a security issue +#https://bugs.python.org/issue47194 +CVE_CHECK_WHITELIST += "CVE-2018-25032" + PYTHON_MAJMIN = "3.8" S = "${WORKDIR}/Python-${PV}"
zlib v1.2.11 as used in Windows binary releases contains a security issue. Link: https://bugs.python.org/issue47194 Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com> --- meta/recipes-devtools/python/python3_3.8.13.bb | 4 ++++ 1 file changed, 4 insertions(+)