diff options
author | Lee Chee Yang <chee.yang.lee@intel.com> | 2020-11-18 21:22:26 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-11-24 10:27:38 +0000 |
commit | 4ceb08bfe6c6dca486040f39d58b285c37d3bc91 (patch) | |
tree | eb785530a15ba8c335aff12d89827fdfc722b7c1 | |
parent | ad6b184b5a87b8bcdd5e28f19be841a78f5e51df (diff) | |
download | openembedded-core-contrib-4ceb08bfe6c6dca486040f39d58b285c37d3bc91.tar.gz |
python3: whitelist CVE-2020-15523
This CVE is issue on _Py_CheckPython3 uses uninitialized dllpath when embedder sets module path with Py_SetPath.
Since it is .dll issue (on windows only), hence whitelist it.
https://bugs.python.org/issue29778
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-devtools/python/python3_3.9.0.bb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python3_3.9.0.bb b/meta/recipes-devtools/python/python3_3.9.0.bb index ae9a974f04..d29a779a81 100644 --- a/meta/recipes-devtools/python/python3_3.9.0.bb +++ b/meta/recipes-devtools/python/python3_3.9.0.bb @@ -49,6 +49,9 @@ CVE_PRODUCT = "python" # This is not exploitable when glibc has CVE-2016-10739 fixed. CVE_CHECK_WHITELIST += "CVE-2019-18348" +# This is windows only issue. +CVE_CHECK_WHITELIST += "CVE-2020-15523" + PYTHON_MAJMIN = "3.9" S = "${WORKDIR}/Python-${PV}" |