poky/meta/recipes-devtools/python/python3-setuptools
Narpat Mali 79dd246cc5 python3-setuptools: fix for CVE-2022-40897
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers
to cause a denial of service via HTML in a crafted package or custom PackageIndex
page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

CVE: CVE-2022-40897

Upstream-Status: Backport [43a9c9bfa6]

cherry-pick and modify from OE-Core rev: f574d8d57ff3fbc38e350e7a90913993081c4fdf

(From OE-Core rev: f2230ead6c145efc902336b2b9d5a4f0ecb749de)

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-04-04 17:46:24 +01:00
..
0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch python3-setuptools: update 62.3.2 -> 62.5.0 2022-06-22 22:40:28 +01:00
0001-change-shebang-to-python3.patch python3-setuptools:upgrade 45.2.0 -> 47.1.1 2020-06-04 13:27:29 +01:00
0001-conditionally-do-not-fetch-code-by-easy_install.patch python3-setuptools: update 63.4.1 -> 65.0.2 2022-08-21 22:51:42 +01:00
0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch python3-setuptools: fix for CVE-2022-40897 2023-04-04 17:46:24 +01:00