summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLee Chee Yang <chee.yang.lee@intel.com>2020-11-18 21:22:26 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-11-24 10:27:45 +0000
commit5e8acd1a4ea95ea5485c6beb0e00fbbbe650466d (patch)
treed06534b23f73c8b53da2dde856e0d53fe983f69b
parente05d37ec898ddad62c31bfe488b26b512f8182be (diff)
downloadpoky-5e8acd1a4ea95ea5485c6beb0e00fbbbe650466d.tar.gz
poky-5e8acd1a4ea95ea5485c6beb0e00fbbbe650466d.tar.bz2
poky-5e8acd1a4ea95ea5485c6beb0e00fbbbe650466d.zip
python3: whitelist CVE-2020-15523
This CVE is issue on _Py_CheckPython3 uses uninitialized dllpath when embedder sets module path with Py_SetPath. Since it is .dll issue (on windows only), hence whitelist it. https://bugs.python.org/issue29778 (From OE-Core rev: 4ceb08bfe6c6dca486040f39d58b285c37d3bc91) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/python/python3_3.9.0.bb3
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python3_3.9.0.bb b/meta/recipes-devtools/python/python3_3.9.0.bb
index ae9a974f04..d29a779a81 100644
--- a/meta/recipes-devtools/python/python3_3.9.0.bb
+++ b/meta/recipes-devtools/python/python3_3.9.0.bb
@@ -49,6 +49,9 @@ CVE_PRODUCT = "python"
# This is not exploitable when glibc has CVE-2016-10739 fixed.
CVE_CHECK_WHITELIST += "CVE-2019-18348"
+# This is windows only issue.
+CVE_CHECK_WHITELIST += "CVE-2020-15523"
+
PYTHON_MAJMIN = "3.9"
S = "${WORKDIR}/Python-${PV}"