diff options
author | Yi Zhao <yi.zhao@windriver.com> | 2017-08-24 13:56:32 +0800 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2017-09-13 17:16:28 -0700 |
commit | 44af8be65f2f1969df006eec08040f5ff81df790 (patch) | |
tree | 83e783e965f66b65ff47c2d91c9838a1a1912974 /meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb | |
parent | 17da020e0de825b538e5558ebe7810346f21d00f (diff) | |
download | meta-openembedded-contrib-44af8be65f2f1969df006eec08040f5ff81df790.tar.gz |
python-pycrypto: Security fix CVE-2013-7459
CVE-2013-7459: Heap-based buffer overflow in the ALGnew function in
block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows
remote attackers to execute arbitrary code as demonstrated by a crafted
iv parameter to cryptmsg.py.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2013-7459
Patch from:
https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit e4af9cf961c70bb4a96eaafd995d0ff2c264cb8e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb')
-rw-r--r-- | meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb b/meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb index 06a0cc4444..919f91ecb1 100644 --- a/meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb +++ b/meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb @@ -1,7 +1,9 @@ inherit distutils require python-pycrypto.inc -SRC_URI += "file://cross-compiling.patch" +SRC_URI += "file://cross-compiling.patch \ + file://CVE-2013-7459.patch \ + " # We explicitly call distutils_do_install, since we want it to run, but # *don't* want the autotools install to run, since this package doesn't |