Details: https://nvd.nist.gov/vuln/detail/CVE-2020-25657
The commit[1] that fixes the vulnerability has been part of the package since version 0.39.0 [1]: https://git.sr.ht/~mcepl/m2crypto/commit/84c53958def0f510e92119fca14d74f94215827a Signed-off-by: Gyorgy Sarvari <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit ba6468f7a09bf8e268ea5ac7939925c362ead876) Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-python/recipes-devtools/python/python3-m2crypto_0.40.1.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-python/recipes-devtools/python/python3-m2crypto_0.40.1.bb b/meta-python/recipes-devtools/python/python3-m2crypto_0.40.1.bb index 95c57d5d48..736399c9d2 100644 --- a/meta-python/recipes-devtools/python/python3-m2crypto_0.40.1.bb +++ b/meta-python/recipes-devtools/python/python3-m2crypto_0.40.1.bb @@ -17,6 +17,7 @@ PYPI_PACKAGE = "M2Crypto" inherit pypi siteinfo setuptools3 CVE_STATUS[CVE-2009-0127] = "disputed: upstream claims there is no bug" +CVE_STATUS[CVE-2020-25657] = "fixed-version: the used version (0.40.1) contains the fix already" DEPENDS += "openssl swig-native" RDEPENDS:${PN} += "\
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123793): https://lists.openembedded.org/g/openembedded-devel/message/123793 Mute This Topic: https://lists.openembedded.org/mt/117421630/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
