Details: https://nvd.nist.gov/vuln/detail/CVE-2012-5825
The Debian bugtracker[1] indicated that the issue is tracked by upstream in github[2] (with a difference CVE ID, but same issue), where the vulnerability was confirmed. Later in the same github issue the solution is confirmed: the project switched to use the requests library, which doesn't suffer from this vulnerability. Due to this mark the CVE as patched. [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692444 [2]: https://github.com/tweepy/tweepy/issues/279 Signed-off-by: Gyorgy Sarvari <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 3ee544e7591b36a49550a263a0ec4d64b5e490e8) Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE) Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-python/recipes-devtools/python/python3-twitter_4.8.0.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-twitter_4.8.0.bb b/meta-python/recipes-devtools/python/python3-twitter_4.8.0.bb index 247b4e5840..0b174684a9 100644 --- a/meta-python/recipes-devtools/python/python3-twitter_4.8.0.bb +++ b/meta-python/recipes-devtools/python/python3-twitter_4.8.0.bb @@ -16,3 +16,6 @@ RDEPENDS:${PN} += "\ ${PYTHON_PN}-requests \ ${PYTHON_PN}-six \ " + +# fixed-version: The vulnerability has been fixed since v3.1.0 +CVE_CHECK_IGNORE += "CVE-2012-5825"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123978): https://lists.openembedded.org/g/openembedded-devel/message/123978 Mute This Topic: https://lists.openembedded.org/mt/117522697/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
