Details: https://nvd.nist.gov/vuln/detail/CVE-2020-7694
The vulnerability was reported to the project[1], and the commit[2] that resolved the issue has been part of the project since version 0.11.7. Mark the CVE as patched due to this. [1]: https://github.com/Kludex/uvicorn/issues/723 [2]: https://github.com/Kludex/uvicorn/commit/895807f94ea9a8e588605c12076b7d7517cda503 Signed-off-by: Gyorgy Sarvari <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit a5ee234b8cf06b6385a9bf1eb5b60d6171a993c9) Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-python/recipes-devtools/python/python3-uvicorn_0.38.0.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-python/recipes-devtools/python/python3-uvicorn_0.38.0.bb b/meta-python/recipes-devtools/python/python3-uvicorn_0.38.0.bb index b0ce49be97..ee295abf5d 100644 --- a/meta-python/recipes-devtools/python/python3-uvicorn_0.38.0.bb +++ b/meta-python/recipes-devtools/python/python3-uvicorn_0.38.0.bb @@ -11,6 +11,7 @@ SRC_URI += "file://0001-ptest-disable-failing-tests.patch" inherit pypi python_hatchling ptest-python-pytest PYPI_PACKAGE = "uvicorn" +CVE_STATUS[CVE-2020-7694] = "fixed-version: The vulnerability has been fixed since 0.11.7" RDEPENDS:${PN} = "\ python3-click \
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124191): https://lists.openembedded.org/g/openembedded-devel/message/124191 Mute This Topic: https://lists.openembedded.org/mt/117649907/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
