diff options
author | Yi Zhao <yi.zhao@windriver.com> | 2017-08-24 13:56:32 +0800 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2017-08-28 11:06:04 +0200 |
commit | e4af9cf961c70bb4a96eaafd995d0ff2c264cb8e (patch) | |
tree | aadb129c57d4f42bb34ec373f6b5076f4daf608e /meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb | |
parent | d853932c664edaed63d5491a7cee1e1031f41ff4 (diff) | |
download | meta-openembedded-e4af9cf961c70bb4a96eaafd995d0ff2c264cb8e.tar.gz |
python-pycrypto: Security fix CVE-2013-7459
CVE-2013-7459: Heap-based buffer overflow in the ALGnew function in
block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows
remote attackers to execute arbitrary code as demonstrated by a crafted
iv parameter to cryptmsg.py.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2013-7459
Patch from:
https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb')
-rw-r--r-- | meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb b/meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb index 06a0cc4444..919f91ecb1 100644 --- a/meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb +++ b/meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb @@ -1,7 +1,9 @@ inherit distutils require python-pycrypto.inc -SRC_URI += "file://cross-compiling.patch" +SRC_URI += "file://cross-compiling.patch \ + file://CVE-2013-7459.patch \ + " # We explicitly call distutils_do_install, since we want it to run, but # *don't* want the autotools install to run, since this package doesn't |