From: Ankur Tyagi <[email protected]> Though nvd[1] mentions commit[2] as part of the fix for CVE-2024-41671, but it is actually a fix[3] for CVE-2024-41810.
Rename patch files accordingly. [1] https://nvd.nist.gov/vuln/detail/CVE-2024-41671 [2] https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33 [3] https://nvd.nist.gov/vuln/detail/CVE-2024-41810 Signed-off-by: Ankur Tyagi <[email protected]> --- .../{CVE-2024-41671-0002.patch => CVE-2024-41671.patch} | 4 ++++ .../{CVE-2024-41671-0001.patch => CVE-2024-41810.patch} | 6 +++++- .../recipes-devtools/python/python3-twisted_24.3.0.bb | 4 ++-- 3 files changed, 11 insertions(+), 3 deletions(-) rename meta-python/recipes-devtools/python/python3-twisted/{CVE-2024-41671-0002.patch => CVE-2024-41671.patch} (98%) rename meta-python/recipes-devtools/python/python3-twisted/{CVE-2024-41671-0001.patch => CVE-2024-41810.patch} (95%) diff --git a/meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41671-0002.patch b/meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41671.patch similarity index 98% rename from meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41671-0002.patch rename to meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41671.patch index 147c21d73d..5c0d7b6a77 100644 --- a/meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41671-0002.patch +++ b/meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41671.patch @@ -10,6 +10,10 @@ CVE: CVE-2024-41671 Upstream-Status: Backport [https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc] Signed-off-by: Soumya Sambu <[email protected]> + +Dropped newsfragements change from the original commit. + +Signed-off-by: Ankur Tyagi <[email protected]> --- src/twisted/web/http.py | 21 +++-- src/twisted/web/test/test_http.py | 122 ++++++++++++++++++++++++++---- diff --git a/meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41671-0001.patch b/meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41810.patch similarity index 95% rename from meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41671-0001.patch rename to meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41810.patch index 1f6bf6bbfc..e41d9667f0 100644 --- a/meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41671-0001.patch +++ b/meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41810.patch @@ -5,11 +5,15 @@ Subject: [PATCH] Merge commit from fork Added HTML output encoding the "URL" parameter of the "redirectTo" function -CVE: CVE-2024-41671 +CVE: CVE-2024-41810 Upstream-Status: Backport [https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33] Signed-off-by: Soumya Sambu <[email protected]> + +Dropped newsfragements change from the original commit. + +Signed-off-by: Ankur Tyagi <[email protected]> --- src/twisted/web/_template_util.py | 2 +- src/twisted/web/test/test_util.py | 39 ++++++++++++++++++++++++++++++- diff --git a/meta-python/recipes-devtools/python/python3-twisted_24.3.0.bb b/meta-python/recipes-devtools/python/python3-twisted_24.3.0.bb index 272aecb8b0..691b80ac68 100644 --- a/meta-python/recipes-devtools/python/python3-twisted_24.3.0.bb +++ b/meta-python/recipes-devtools/python/python3-twisted_24.3.0.bb @@ -7,8 +7,8 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=c1c5d2c2493b848f83864bdedd67bbf5" SRC_URI += " \ - file://CVE-2024-41671-0001.patch \ - file://CVE-2024-41671-0002.patch \ + file://CVE-2024-41671.patch \ + file://CVE-2024-41810.patch \ " SRC_URI[sha256sum] = "6b38b6ece7296b5e122c9eb17da2eeab3d98a198f50ca9efd00fb03e5b4fd4ae"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123829): https://lists.openembedded.org/g/openembedded-devel/message/123829 Mute This Topic: https://lists.openembedded.org/mt/117445073/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
