On Wed, Jan 14, 2026 at 9:01 PM Ankur Tyagi via lists.openembedded.org <[email protected]> wrote: > > From: Ankur Tyagi <[email protected]> > > Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53643 > > Signed-off-by: Ankur Tyagi <[email protected]> > --- > .../python3-aiohttp/CVE-2025-53643.patch | 189 ++++++++++++++++++ > .../python/python3-aiohttp_3.9.5.bb | 4 +- > 2 files changed, 192 insertions(+), 1 deletion(-) > create mode 100644 > meta-python/recipes-devtools/python/python3-aiohttp/CVE-2025-53643.patch > > diff --git > a/meta-python/recipes-devtools/python/python3-aiohttp/CVE-2025-53643.patch > b/meta-python/recipes-devtools/python/python3-aiohttp/CVE-2025-53643.patch > new file mode 100644 > index 0000000000..99ed1ca395 > --- /dev/null > +++ b/meta-python/recipes-devtools/python/python3-aiohttp/CVE-2025-53643.patch > @@ -0,0 +1,189 @@ > +From 2b45c0cc5f94a4aab25e80580db73c5da1152030 Mon Sep 17 00:00:00 2001 > +From: Sam Bull <[email protected]> > +Date: Wed, 9 Jul 2025 19:55:22 +0100 > +Subject: [PATCH] Add trailer parsing logic (#11269) (#11287) > + > +CVE: CVE-2025-53643 > +Upstream-Status: Backport > [https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a]
Please also include the changes done to the original change .. in this case, dropped test and changelog .. Thanks, Anuj
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123580): https://lists.openembedded.org/g/openembedded-devel/message/123580 Mute This Topic: https://lists.openembedded.org/mt/117260214/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
