python3-m2crypto: ignore CVE-2009-0127

Details: https://nvd.nist.gov/vuln/detail/CVE-2009-0127 The vulnerability is disputed[1] by upstream: "There is no vulnerability in M2Crypto. Nowhere in the functions are the return values of OpenSSL functions interpreted incorrectly. The functions provide an interface to their users that may be considered confusing, but is not incorrect, nor it is a vulnerability." [1]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0127 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b46a5452a1c1a417f2971e494e151fa1f4022e36) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-05-18 21:59:27 +00:00 · 2026-02-05 07:59:40 +01:00 · 2026-02-05 07:59:40 +01:00 · 49cf55619b
commit 49cf55619b
parent 8cbb786347
1 changed files with 2 additions and 0 deletions
--- a/meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb
+++ b/meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb
@ -12,6 +12,8 @@ SRC_URI += " \
          file://0002-fix-correct-struct-packing-on-32-bit-with-_TIME_BITS.patch \
 "

+CVE_STATUS[CVE-2009-0127] = "disputed: upstream claims there is no bug"
+
 inherit pypi siteinfo python_setuptools_build_meta

 DEPENDS += "openssl swig-native"