aboutsummaryrefslogtreecommitdiffstats
path: root/meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb
diff options
context:
space:
mode:
authorYi Zhao <yi.zhao@windriver.com>2017-08-24 13:56:32 +0800
committerMartin Jansa <Martin.Jansa@gmail.com>2017-08-28 11:06:04 +0200
commite4af9cf961c70bb4a96eaafd995d0ff2c264cb8e (patch)
treeaadb129c57d4f42bb34ec373f6b5076f4daf608e /meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb
parentd853932c664edaed63d5491a7cee1e1031f41ff4 (diff)
downloadmeta-openembedded-contrib-e4af9cf961c70bb4a96eaafd995d0ff2c264cb8e.tar.gz
meta-openembedded-contrib-e4af9cf961c70bb4a96eaafd995d0ff2c264cb8e.tar.bz2
meta-openembedded-contrib-e4af9cf961c70bb4a96eaafd995d0ff2c264cb8e.zip
python-pycrypto: Security fix CVE-2013-7459
CVE-2013-7459: Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. Reference: https://nvd.nist.gov/vuln/detail/CVE-2013-7459 Patch from: https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb')
-rw-r--r--meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb4
1 files changed, 3 insertions, 1 deletions
diff --git a/meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb b/meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb
index 06a0cc4444..919f91ecb1 100644
--- a/meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb
+++ b/meta-python/recipes-devtools/python/python-pycrypto_2.6.1.bb
@@ -1,7 +1,9 @@
inherit distutils
require python-pycrypto.inc
-SRC_URI += "file://cross-compiling.patch"
+SRC_URI += "file://cross-compiling.patch \
+ file://CVE-2013-7459.patch \
+ "
# We explicitly call distutils_do_install, since we want it to run, but
# *don't* want the autotools install to run, since this package doesn't