Details: https://nvd.nist.gov/vuln/detail/CVE-2022-42969
Upstream could not reproduce the issue. The vulnerability has currently the "disputed" flag in the NVD database, and Github has revoked their related advisory[1]. Ignore this CVE due to this. [1]: https://github.com/advisories/GHSA-w596-4wvx-j9j6 Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-python/recipes-devtools/python/python3-py_1.11.0.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-python/recipes-devtools/python/python3-py_1.11.0.bb b/meta-python/recipes-devtools/python/python3-py_1.11.0.bb index 143f7ec555..61f3873b4c 100644 --- a/meta-python/recipes-devtools/python/python3-py_1.11.0.bb +++ b/meta-python/recipes-devtools/python/python3-py_1.11.0.bb @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a6bb0320b04a0a503f12f69fea479de9" SRC_URI[sha256sum] = "51c75c4126074b472f746a24399ad32f6053d1b34b68d2fa41e558e6f4a98719" CVE_PRODUCT = "py" +CVE_STATUS[CVE-2022-42969] = "disputed: upstream could not reproduce it, github also revoked the advisory" DEPENDS += "python3-setuptools-scm-native"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123645): https://lists.openembedded.org/g/openembedded-devel/message/123645 Mute This Topic: https://lists.openembedded.org/mt/117349063/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
