helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 02:49:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

python3-m2crypto: ignore CVE-2009-0127

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2009-0127

The vulnerability is disputed[1] by upstream:
"There is no vulnerability in M2Crypto. Nowhere in the functions
are the return values of OpenSSL functions interpreted incorrectly.
The functions provide an interface to their users that may be
considered confusing, but is not incorrect, nor it is a vulnerability."

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0127

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Gyorgy Sarvari 2026-01-07 12:33:42 +01:00 committed by Khem Raj
parent 8f67ff2a34
commit b46a5452a1
No known key found for this signature in database
GPG Key ID: BB053355919D3314
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb
View File

@ -12,6 +12,8 @@ SRC_URI += " \
file://0002-fix-correct-struct-packing-on-32-bit-with-_TIME_BITS.patch \
"
CVE_STATUS[CVE-2009-0127] = "disputed: upstream claims there is no bug"
inherit pypi siteinfo python_setuptools_build_meta
DEPENDS += "openssl swig-native"