CaROS/poky
3
1
Fork 0
mirror of https://git.yoctoproject.org/git/poky synced 2026-01-01 13:58:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
67aa29393d
poky/meta/recipes-devtools/python/python3-setuptools
History
Soumya Sambu 67aa29393d python3-setuptools: Fix CVE-2024-6345 
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for
remote code execution via its download functions. These functions, which are used to download
packages from URLs provided by users or retrieved from package index servers, are susceptible
to code injection. If these functions are exposed to user-controlled inputs, such as package
URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-6345

Upstream-patch:
88807c7062

(From OE-Core rev: 468c5a4e12b9d38768b00151c55fd27b2b504f3b)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-09-09 06:08:10 -07:00
..
0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch python3-setuptools: upgrade 69.0.3 -> 69.1.1 2024-03-07 17:25:02 +00:00
0001-conditionally-do-not-fetch-code-by-easy_install.patch python3-setuptools: upgrade 69.0.3 -> 69.1.1 2024-03-07 17:25:02 +00:00
CVE-2024-6345.patch python3-setuptools: Fix CVE-2024-6345 2024-09-09 06:08:10 -07:00