From: Narpat Mali
cryptography is a package designed to expose cryptographic primitives
and recipes to Python developers. Calling `load_pem_pkcs7_certificates`
or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference
and segfault. Exploitation of this vulnerability poses a
From: Narpat Mali
There was an extra space between the result and ':'.
After removing extra space, the ptest result will be:
result : testname -> result: testname
Signed-off-by: Narpat Mali
---
meta/recipes-devtools/python/python3-jinja2/run-ptest | 2 +-
1 file changed, 1 insertion(+), 1
On 02-10-2023 20:04, Steve Sakoman wrote:
On Thu, Sep 28, 2023 at 10:24 PM Narpat Mali via
lists.openembedded.org
wrote:
From
From: Narpat Mali
The output of python3-jinja2 ptest should follow a unified format as below
result: testname
Reference:
https://wiki.yoctoproject.org/wiki/Ptest
Signed-off-by: Narpat Mali
---
meta/recipes-devtools/python/python3-jinja2/run-ptest | 2 +-
1 file changed, 1 insertion(+), 1
From: Narpat Mali
The delta between 3.1.32 & 3.1.37 contains the CVE-2023-40590 and
CVE-2023-41040 fixes and other bugfixes.
Changelog:
==
- WIP Quick doc by @LeoDaCoda in #1608
- Partial clean up wrt mypy and black by @bodograumann in #1617
- Disable merge_includes in config writers by
From: Narpat Mali
CVE-2022-40896:
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments
through 2.15.0 via SmithyLexer.
The CVE issue is fixed by 3 different commits between the releases 2.14.0
(for Smithy lexer), 2.15.0 (for SQL+Jinja lexers) and 2.15.1 (for Java
properties) as
From: Narpat Mali
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments
through 2.15.0 via SmithyLexer.
The CVE issue is fixed by these 3 different commits in different versions:
1. Improve the Smithy metadata matcher (These changes are already available as part
of current
From: Narpat Mali
The delta between 3.1.27 & 3.1.32 contains the CVE-2022-24439 &
CVE-2023-40267 fixes and other bugfixes.
Changelog:
https://github.com/gitpython-developers/GitPython/releases/tag/3.1.32
https://gitpython.readthedocs.io/en/stable/changes.html#id5
- Bump
From: Narpat Mali
CVE-2023-39018 belongs to ffmpeg-cli-wrapper (Java wrapper around the FFmpeg CLI)
and not ffmpeg itself. As per CVE description, it is mentioned as FFmpeg 0.7.0 which
is the version for ffmpeg-cli-wrapper and ffmpeg doesn't have 0.7.0 version at all.
Debian & Bugzilla
From: Narpat Mali
The delta between 3.1.31 & 3.1.32 contains the CVE-2023-40267 fix and other
bugfixes.
Changelog:
https://github.com/gitpython-developers/GitPython/releases/tag/3.1.32
- Bump cygwin/cygwin-install-action from 3 to 4 by @dependabot in #1572
- Fix up the commit trailers
From: Narpat Mali
* Upstream has dropped setup.py
* Inherit python_setuptools_build_meta instead of setuptools3
* Add self as maintainer, as this is a dependency for python3-sphinx
Adds some new lexers, updates a few others. A handful of bug fixes.
From: Narpat Mali
python3-certifi 2023.7.22 contains the CVE-2023-37920 fix.
No changelog provided. Commits:
8fb96ed (tag: 2023.07.22) 2023.07.22
afe7722 Bump actions/setup-python from 4.6.1 to 4.7.0 (#230)
2038739 Bump dessant/lock-threads from 3.0.0 to 4.0.1 (#229)
44df761 Hash pin Actions
pat
Thanks,
Anuj
On Wed, 2023-08-02 at 17:57 +0000, Narpat Mali via
lists.openembedded.org wrote:
From: Narpat Mali
Certifi is a curated collection of Root Certificates for validating
the trustworthiness of SSL certificates while verifying the identity
of TLS hosts. Certifi prior to vers
From: Narpat Mali
Certifi is a curated collection of Root Certificates for validating
the trustworthiness of SSL certificates while verifying the identity
of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra"
root certificates. e-Tugra's root certificates were subject to an
From: Narpat Mali
CVE-2023-2975: AES-SIV implementation ignores empty associated data entries
https://nvd.nist.gov/vuln/detail/CVE-2023-2975
CVE-2023-3446: Excessive time spent checking DH keys and parameters
https://nvd.nist.gov/vuln/detail/CVE-2023-3446
Have also tested openssl ptest with
From: Narpat Mali
Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking
Proxy-Authorization headers to destination servers when redirected to an HTTPS
endpoint. This is a product of how we use `rebuild_proxies` to reattach the
`Proxy-Authorization` header to requests. For
From: Narpat Mali
cryptography is a package designed to expose cryptographic primitives
and recipes to Python developers. In affected versions `Cipher.update_into`
would accept Python objects which implement the buffer protocol, but
provide only immutable buffers. This would allow immutable
From: Narpat Mali
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and
other products, leaves stale hwaccel state in worker threads, which
allows attackers to trigger a use-after-free and execute arbitrary
code in some circumstances (e.g., hardware re-initialization upon a