Details: https://nvd.nist.gov/vuln/detail/CVE-2020-25657
The commit[1] that fixes the vulnerability has been part of the
package since version 0.39.0
[1]: 84c53958de
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2009-0127
The vulnerability is disputed[1] by upstream:
"There is no vulnerability in M2Crypto. Nowhere in the functions
are the return values of OpenSSL functions interpreted incorrectly.
The functions provide an interface to their users that may be
considered confusing, but is not incorrect, nor it is a vulnerability."
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0127
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 3.3.0:
- Add support for italic
- can_colorize: Expect fileno() to raise OSError, as documented
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 4.0.3:
- Fix inference of IfExp (ternary expression) nodes to avoid
prematurely narrowing results in the face of inference ambiguity.
- Fix base class inference for dataclasses using the PEP 695
typing syntax.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 4.12.1:
- Changed all functions currently raising the private
NoCurrentAsyncBackend exception (since v4.12.0) to instead raise
the public NoEventLoopError exception
- Fixed anyio.functools.lru_cache not working with instance methods
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.0.221:
- Cancel l2cap connection result future on abort
- Implement extended advertising emulation
- Rust: Fix cargo-all-features to 1.11.0
- L2CAP Enhanced Retransmission mode
- Add some docs about Android and Hardware
- bump pdl dependencies versions
- android-netsim transport enhancements
- Upgrade GitHub Actions for Node 24 compatibility
- Upgrade GitHub Actions to latest versions
- GATT: fix redefinition of GATT_CONTENT_CONTROL_ID_CHARACTERISTIC
- Remove unused imports
- Fix missing type hints on Device.notify_subscribers()
- L2CAP: Enhanced Credit-based Flow Control Mode
- use ruff for linting and import sorting
- hot fix: remove unused import
- Ruff: Add and fix UP rules
- add support for multiple concurrent broadcasts
- Add EATT Support
- Fix some typos and annotations
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.128.0:
- Drop support for pydantic.v1
- Run performance tests only on Pydantic v2
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 3.6.1:
API Changes
- Add spectral bipartition community finding and greedy bipartition
using node swaps
Enhancements
- Nodelists for from_biadjacency_matrix
- Add spectral bipartition community finding and greedy bipartition
using node swaps
- Fix draw_networkx_nodes with list node_shape and add regression
test
Bug Fixes
- Fix: allow graph subclasses to have additional arguments
Documentation
- DOC: Improve benchmarking readme
- DOC: More details re: RC releases in the release process devdocs
- DOC: clarify difference between G.nodes/G.nodes() and
G.edges/G.edges() in tutorial
- DOC: Add blurb to contributor guide about drawing tests
- DOC: Fix underline lens in docstrings
- Rolling back shortest paths links
Maintenance
- MAINT: Replace string literal with comment
- Bump actions/checkout from 5 to 6 in the actions group
- pin python 3.14 to be version 3.14.0 until dataclasses are fixed
- Blocklist Python 3.14.1
Other
- TST: add tests for unsupported graph types in MST algorithms
- TST: clean up isomorphism tests
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.6.6:
- Disable setuptools-scm: Too many side-effects
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-26112
The fix[1] is already included in the recipe version (5.0.9),
the CVE can be marked as patched.
[1]: 7c618b0bba
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Contains fix for CVE-2025-68131
Changelog:
- Added readahead buffering to C decoder for improved performance.
The decoder now uses a 4 KB buffer by default to reduce the number
of read calls. Benchmarks show 20-140% performance improvements for
decoding operations.
- Fixed Python decoder not preserving share index when decoding array
items containing nested shareable tags, causing shared references to
resolve to wrong objects
- Reset shared reference state at the start of each top-level encode/decode
operation
Ptests passed:
...
PASS: tests/test_tool.py:test_dtypes_from_file
PASS: tests/test_tool.py:test_ignore_tag
PASS: tests/test_types.py:test_frozendict
============================================================================
Testsuite summary
DURATION: 4
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 3.20.2:
- Support Unix systems without O_NOFOLLOW
- [pre-commit.ci] pre-commit autoupdate
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Switch to PyPI fetcher
Switch to PEP-517 build backend
Fixes
WARNING: python3-wrapt-2.0.1-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default python:pymongo CPE fails to match related CVE entries, because
they are tracked using mongodb:pymongo CPE. Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%pymongo%';
CVE-2024-5629|mongodb|pymongo|||4.6.3|<|0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default python:orjson CPE fails to match related CVEs, because NVD
tracks them using ijl:orjson CPE. Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%orjson%';
CVE-2024-27454|ijl|orjson|||3.9.15|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default python:python_multipart CPE doesn't match relevant CVE entries,
because NVD tracks the related CVEs with fastapiexpert:python-multipart CPE,
and Mitre uses kludex:python-multipart for others.
Set the CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%python%multipart%';
CVE-2024-24762|fastapiexpert|python-multipart|||0.0.7|<
CVE-2024-24762|fastapiexpert|python-multipart|||0.0.7|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Set the correct CVE_PRODUCT value, the default python:ecdsa doesn't
match relevant entries.
The correct values were taken from the CVE db, by checking which CVEs
are relevant.
See CVE db query:
sqlite> select * from products where product like '%ecdsa%';
CVE-2019-14853|python-ecdsa_project|python-ecdsa|||0.13.3|<
CVE-2019-14859|python-ecdsa_project|python-ecdsa|||0.13.3|<
CVE-2020-12607|antonkueltz|fastecdsa|||2.1.2|<
CVE-2021-43568|starkbank|elixir_ecdsa|1.0.0|=||
CVE-2021-43569|starkbank|ecdsa-dotnet|1.3.2|=||
CVE-2021-43570|starkbank|ecdsa-java|1.0.0|=||
CVE-2021-43571|starkbank|ecdsa-node|1.1.2|=||
CVE-2021-43572|starkbank|ecdsa-python|||2.0.1|<
CVE-2022-24884|ecdsautils_project|ecdsautils|||0.4.1|<
CVE-2024-21502|antonkueltz|fastecdsa|||2.3.2|<
CVE-2024-23342|tlsfuzzer|ecdsa|||0.18.0|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Relevant CVEs are tracked with gevent:gevent CPE, and the default
python:gevent CPE doesn't match relevant entries. Set CVE_PRODUCT
accordingly.
See CVE db query:
sqlite> select * from products where product like '%gevent%';
CVE-2023-41419|gevent|gevent|||23.9.0|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The related CVEs are tracked using dnspython:dnspython CPE, and the
default python:dnspython CPE doesn't match relevant entries.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%dnspython%';
CVE-2023-29483|dnspython|dnspython|||2.6.0|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVE entries are tracked with encode:starlette CPE, and
the default python:starlette CPE doesn't match relevant entries.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%starlette%';
CVE-2023-29159|encode|starlette|0.13.5|>=|0.27.0|<
CVE-2023-30798|encode|starlette|||0.25.0|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The related CVE entries are tracked with executablebooks:markdown-it-py CPE
value, and the default python:markdown-it-py CPE doesn't match relevant
entries. Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%markdown-it-py%';
CVE-2023-26302|executablebooks|markdown-it-py|||2.2.0|<
CVE-2023-26303|executablebooks|markdown-it-py|||2.2.0|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The related CVEs are tracked with configobj_project:configobj CPE in the
database, and the default python:configobj CPE doesn't match relevant entries.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%configobj%';
CVE-2023-26112|configobj_project|configobj|-|||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The related CVEs are tracked with py7zr_project:py7zr CPE in the database,
and the default python:py7zr CPE doesn't match relevant entries.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%py7zr%';
CVE-2022-44900|py7zr_project|py7zr|||0.20.1|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked using oauthlib_project:oauthlib CPE,
and the default python:oauthlib CPE doesn't match relevant entries.
Set the CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'oauthlib';
CVE-2022-36087|oauthlib_project|oauthlib|3.1.1|>=|3.2.1|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked with joblib_project:joblib CPE, and the
default python:joblib CPE doesn't match this. Set the CVE_PRODUCT
accordingly.
See CVE db query:
sqlite> select * from products where product like '%joblib%';
CVE-2022-21797|joblib_project|joblib|||1.1.1|<
CVE-2024-34997|joblib_project|joblib|1.4.2|=||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked with ethereum:eth-account CPE, and
the default python:eth-account one doesn't match relevant entries.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%eth-account%';
CVE-2022-1930|ethereum|eth-account|||0.5.9|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Set correct CVE_PRODUCT to use instead of the default ${PN}, which doesn't
match relevant CVEs.
See CVE db query:
sqlite> select * from products where product like '%binwalk%';
CVE-2021-4287|microsoft|binwalk|||2.3.3|<|0
CVE-2022-4510|microsoft|binwalk|2.2.0|>=|2.3.3|<|0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked in the CVE db with encode:httpx CPE
instead of the default python:httpx. Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%httpx%';
CVE-2021-41945|encode|httpx|||0.23.0|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Set correct CVE_PRODUCT to be used instead of ${PN}.
See CVE db query:
sqlite> select * from products where product like '%cvxopt%';
CVE-2021-41500|cvxopt_project|cvxopt|||1.2.6|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked with sqlparse_project:sqlparse CPE,
and the default python:sqlparse CPE doesn't match relevant CVEs.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%sqlparse%';
CVE-2021-32839|sqlparse_project|sqlparse|0.4.0|>=|0.4.2|<
CVE-2023-30608|sqlparse_project|sqlparse|0.1.15|>=|0.4.4|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
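
The CVE_PRODUCT commits above all follow the same check: the default `python:<name>` pair matches no row in the CVE database, so the `products` table is searched by product name and the relevant vendor:product pairs are picked from the result. The sketch below is an added example, not code from these commits or from the layer; the table column names and the helper names `open_db`, `cves_for` and `candidates` are assumptions, and the rows are a sample copied from the query output quoted above.

```python
import sqlite3

# Constructed sample: a few rows copied from the query output quoted in the
# commit messages above. The column names used below are assumptions.
ROWS = [
    ("CVE-2019-14853", "python-ecdsa_project", "python-ecdsa", "", "", "0.13.3", "<"),
    ("CVE-2020-12607", "antonkueltz", "fastecdsa", "", "", "2.1.2", "<"),
    ("CVE-2021-43572", "starkbank", "ecdsa-python", "", "", "2.0.1", "<"),
    ("CVE-2024-23342", "tlsfuzzer", "ecdsa", "", "", "0.18.0", "<="),
    ("CVE-2023-41419", "gevent", "gevent", "", "", "23.9.0", "<"),
    ("CVE-2024-24762", "fastapiexpert", "python-multipart", "", "", "0.0.7", "<"),
]


def open_db(rows=ROWS):
    """Build an in-memory stand-in for the CVE database's products table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id TEXT, vendor TEXT, product TEXT, "
               "version_start TEXT, operator_start TEXT, "
               "version_end TEXT, operator_end TEXT)")
    db.executemany("INSERT INTO products VALUES (?,?,?,?,?,?,?)", rows)
    return db


def cves_for(db, cve_product):
    """CVE ids matched by one 'vendor:product' entry (bare 'product' = any vendor)."""
    vendor, _, product = cve_product.rpartition(":")
    sql, args = "SELECT DISTINCT id FROM products WHERE product = ?", [product]
    if vendor:
        sql += " AND vendor = ?"
        args.append(vendor)
    return sorted(row[0] for row in db.execute(sql, args))


def candidates(db, name):
    """vendor:product pairs whose product contains `name`, with their CVE ids."""
    # '_' is a single-character wildcard in LIKE, so 'python_multipart'
    # also finds 'python-multipart'.
    found = {}
    for cve, vendor, product in db.execute(
            "SELECT DISTINCT id, vendor, product FROM products "
            "WHERE product LIKE ? ORDER BY id", (f"%{name}%",)):
        found.setdefault(f"{vendor}:{product}", []).append(cve)
    return found


if __name__ == "__main__":
    db = open_db()
    print("python:ecdsa ->", cves_for(db, "python:ecdsa"))
    for cpe, cves in candidates(db, "ecdsa").items():
        print(cpe, cves)
```

The substring search also returns unrelated products such as fastecdsa, so the candidate list still has to be reviewed by hand before a pair goes into CVE_PRODUCT.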