From 4ceb08bfe6c6dca486040f39d58b285c37d3bc91 Mon Sep 17 00:00:00 2001
From: Lee Chee Yang <chee.yang.lee@intel.com>
Date: Wed, 18 Nov 2020 21:22:26 +0800
Subject: python3: whitelist CVE-2020-15523

This CVE is issue on _Py_CheckPython3 uses uninitialized dllpath when embedder sets module path with Py_SetPath.
Since it is .dll issue (on windows only), hence whitelist it.

https://bugs.python.org/issue29778

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-devtools/python/python3_3.9.0.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-devtools/python/python3_3.9.0.bb b/meta/recipes-devtools/python/python3_3.9.0.bb
index ae9a974f04..d29a779a81 100644
--- a/meta/recipes-devtools/python/python3_3.9.0.bb
+++ b/meta/recipes-devtools/python/python3_3.9.0.bb
@@ -49,6 +49,9 @@ CVE_PRODUCT = "python"
 # This is not exploitable when glibc has CVE-2016-10739 fixed.
 CVE_CHECK_WHITELIST += "CVE-2019-18348"
 
+# This is windows only issue.
+CVE_CHECK_WHITELIST += "CVE-2020-15523"
+
 PYTHON_MAJMIN = "3.9"
 
 S = "${WORKDIR}/Python-${PV}"
-- 
cgit 1.2.3-korg