Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61911
Pick the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../python/python3-ldap/CVE-2025-61911.patch | 41 +++++++++++++++++++
 .../python/python3-ldap_3.4.0.bb | 1 +
 2 files changed, 42 insertions(+)
 create mode 100644 meta-networking/recipes-devtools/python/python3-ldap/CVE-2025-61911.patch
diff --git a/meta-networking/recipes-devtools/python/python3-ldap/CVE-2025-61911.patch b/meta-networking/recipes-devtools/python/python3-ldap/CVE-2025-61911.patch
new file mode 100644
index 0000000000..39426268ac
--- /dev/null
+++ b/meta-networking/recipes-devtools/python/python3-ldap/CVE-2025-61911.patch
@@ -0,0 +1,41 @@
+From ecbd037205723884036b4a467c19d7904b8b6cee Mon Sep 17 00:00:00 2001
+From: lukas-eu <[email protected]>
+Date: Fri, 10 Oct 2025 19:47:46 +0200
+Subject: [PATCH] Merge commit from fork
+
+CVE: CVE-2025-61911
+Upstream-Status: Backport [https://github.com/python-ldap/python-ldap/commit/3957526fb1852e84b90f423d9fef34c7af25b85a]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ Lib/ldap/filter.py | 2 ++
+ Tests/t_ldap_filter.py | 4 ++++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/Lib/ldap/filter.py b/Lib/ldap/filter.py
+index 782737a..5bd41b2 100644
+--- a/Lib/ldap/filter.py
++++ b/Lib/ldap/filter.py
+@@ -24,6 +24,8 @@ def escape_filter_chars(assertion_value,escape_mode=0):
+ If 1 all NON-ASCII chars are escaped.
+ If 2 all chars are escaped.
+ """
++ if not isinstance(assertion_value, str):
++ raise TypeError("assertion_value must be of type str.")
+ if escape_mode:
+ r = []
+ if escape_mode==1:
+diff --git a/Tests/t_ldap_filter.py b/Tests/t_ldap_filter.py
+index 313b373..5431205 100644
+--- a/Tests/t_ldap_filter.py
++++ b/Tests/t_ldap_filter.py
+@@ -49,6 +49,10 @@ class TestDN(unittest.TestCase):
+ ),
+ r'\c3\a4\c3\b6\c3\bc\c3\84\c3\96\c3\9c\c3\9f'
+ )
++ with self.assertRaises(TypeError):
++ escape_filter_chars(["abc@*()/xyz"], escape_mode=1)
++ with self.assertRaises(TypeError):
++ escape_filter_chars({"abc@*()/xyz": 1}, escape_mode=1)
+
+ def test_escape_filter_chars_mode2(self):
+ """
diff --git a/meta-networking/recipes-devtools/python/python3-ldap_3.4.0.bb b/meta-networking/recipes-devtools/python/python3-ldap_3.4.0.bb
index 4299058315..59ced40021 100644
--- a/meta-networking/recipes-devtools/python/python3-ldap_3.4.0.bb
+++ b/meta-networking/recipes-devtools/python/python3-ldap_3.4.0.bb
@@ -13,6 +13,7 @@ PYPI_PACKAGE = "python-ldap"
 inherit pypi setuptools3
+SRC_URI += "file://CVE-2025-61911.patch"
 SRC_URI[sha256sum] = "60464c8fc25e71e0fd40449a24eae482dcd0fb7fcf823e7de627a6525b3e0d12"
 do_configure:prepend() {
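Review bot: The added tests cover less than the new guard does: `if not isinstance(assertion_value, str): raise TypeError(...)` sits ahead of `if escape_mode:` in the embedded `Lib/ldap/filter.py` hunk and so runs for every escape mode, while the two new assertions in `Tests/t_ldap_filter.py` only pass a list and a dict with `escape_mode=1`. A case for the default mode and for `escape_mode=2`, plus one for `bytes` or `None`, would pin the contract the guard now enforces. Any consumer on this stable branch that passed a non-str value will now get `TypeError` instead of a filter fragment, which is the safer outcome for filter construction but is a visible behaviour change worth stating in the commit message. The docstring shown in the hunk context still lists only the escape modes and could gain a line such as `Raises TypeError if assertion_value is not a str.`. The body of `escape_filter_chars` starts and ends outside the embedded hunk, so how the later branches treat the value is not visible here.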
