Details: https://nvd.nist.gov/vuln/detail/CVE-2009-0127
The vulnerability is disputed[1] by upstream: "There is no vulnerability in M2Crypto. Nowhere in the functions are the return values of OpenSSL functions interpreted incorrectly. The functions provide an interface to their users that may be considered confusing, but is not incorrect, nor it is a vulnerability." [1]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0127 Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb b/meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb index 9aac7b344f..efb6c79fa7 100644 --- a/meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb +++ b/meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb @@ -12,6 +12,8 @@ SRC_URI += " \ file://0002-fix-correct-struct-packing-on-32-bit-with-_TIME_BITS.patch \ " +CVE_STATUS[CVE-2009-0127] = "disputed: upstream claims there is no bug" + inherit pypi siteinfo python_setuptools_build_meta DEPENDS += "openssl swig-native"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123223): https://lists.openembedded.org/g/openembedded-devel/message/123223 Mute This Topic: https://lists.openembedded.org/mt/117132343/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
