* [Buildroot] [git commit branch/2022.02.x] package/python-paramiko: security bump to version 2.10.3
@ 2022-04-04 12:32 Peter Korsgaard
From: Peter Korsgaard @ 2022-04-04 12:32 UTC
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=6a826c6d2370da1ce45d0d72f0351c7e73e63110
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2022.02.x
Fix CVE-2022-24302: Creation of new private key files using PKey
subclasses was subject to a race condition between file creation & mode
modification, which could be exploited by an attacker with knowledge of
where the Paramiko-using code would write out such files.
https://github.com/paramiko/paramiko/blob/2.10.3/sites/www/changelog.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ae699d7f9ad3caebe1fb338303f1b7c6ad42f6ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/python-paramiko/python-paramiko.hash | 4 ++--
package/python-paramiko/python-paramiko.mk | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/python-paramiko/python-paramiko.hash b/package/python-paramiko/python-paramiko.hash
index b11acf1dbc..951bd8e114 100644
--- a/package/python-paramiko/python-paramiko.hash
+++ b/package/python-paramiko/python-paramiko.hash
@@ -1,5 +1,5 @@
# md5, sha256 from https://pypi.org/pypi/paramiko/json
-md5 44136d79da4cd7619e368018ad022619 paramiko-2.7.2.tar.gz
-sha256 7f36f4ba2c0d81d219f4595e35f70d56cc94f9ac40a6acdf51d6ca210ce65035 paramiko-2.7.2.tar.gz
+md5 6e47947882e2c1b81f35b4133e8e62b9 paramiko-2.10.3.tar.gz
+sha256 ddb1977853aef82804b35d72a0e597b244fa326c404c350bd00c5b01dbfee71a paramiko-2.10.3.tar.gz
# Locally computed sha256 checksums
sha256 5fa25bf5f395fd26e701c2e1de4ca7d162816986dc791c22f8f4226857ad1bb2 LICENSE
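Review bot: the two added lines keep an md5 entry next to the sha256, and per the comment at the top of the hunk both values are copied from the PyPI JSON, so together they only show that the tarball matches what PyPI served at bump time. The md5 line adds nothing to the sha256 check and could be dropped if the package's hash-file convention allows it. The LICENSE sha256 stays as an unchanged context line; a short note in the commit message that it was rechecked against the 2.10.3 tarball would make that explicit.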
diff --git a/package/python-paramiko/python-paramiko.mk b/package/python-paramiko/python-paramiko.mk
index 3c135cf9b1..46209f5823 100644
--- a/package/python-paramiko/python-paramiko.mk
+++ b/package/python-paramiko/python-paramiko.mk
@@ -4,9 +4,9 @@
#
################################################################################
-PYTHON_PARAMIKO_VERSION = 2.7.2
+PYTHON_PARAMIKO_VERSION = 2.10.3
PYTHON_PARAMIKO_SOURCE = paramiko-$(PYTHON_PARAMIKO_VERSION).tar.gz
-PYTHON_PARAMIKO_SITE = https://files.pythonhosted.org/packages/cf/a1/20d00ce559a692911f11cadb7f94737aca3ede1c51de16e002c7d3a888e0
+PYTHON_PARAMIKO_SITE = https://files.pythonhosted.org/packages/d4/93/1a1eb7f214e6774099d56153db9e612f93cb8ffcdfd2eca243fcd5bb3a78
PYTHON_PARAMIKO_SETUP_TYPE = setuptools
PYTHON_PARAMIKO_LICENSE = LGPL-2.1+
PYTHON_PARAMIKO_LICENSE_FILES = LICENSE
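Review bot: `PYTHON_PARAMIKO_VERSION` jumps from 2.7.2 to 2.10.3 on the 2022.02.x stable branch, but the commit message describes only the CVE-2022-24302 fix. The diffstat touches just the .hash and .mk files, so please say in the commit message that the intervening releases were checked for new runtime dependencies or behaviour changes that would need a Config.in update; the changelog link already in the message is the natural reference for that.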
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
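The race described in the commit message (file creation followed by a separate mode change) can be shown with a short added example; this is not code from Paramiko or Buildroot. The function names, the constructed key text and the use of `O_EXCL`/`O_NOFOLLOW` are assumptions of the example.

```python
import os
import stat
import tempfile

CONSTRUCTED_KEY = "-----CONSTRUCTED EXAMPLE KEY-----\n"  # placeholder, not a real key


def write_key_racy(path, data):
    """Create-then-chmod: the file exists with umask-derived permissions
    until os.chmod() runs, so other local users may be able to open it."""
    with open(path, "w") as f:  # created as 0o666 & ~umask
        mode_at_creation = stat.S_IMODE(os.fstat(f.fileno()).st_mode)
        f.write(data)
    os.chmod(path, 0o600)  # the exposure window closes only here
    return mode_at_creation


def write_key_atomic(path, data):
    """Permissions are applied by the same open(2) call that creates the file.
    O_EXCL matters: the mode argument is ignored for a file that already
    exists, so a pre-created file would keep its own permissions."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    flags |= getattr(os, "O_NOFOLLOW", 0)  # refuse a symlink at the final component
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        mode_at_creation = stat.S_IMODE(os.fstat(f.fileno()).st_mode)
        f.write(data)
    return mode_at_creation


def demo():
    """Return (racy mode at creation, atomic mode at creation, racy final mode)."""
    old_umask = os.umask(0o022)  # a common default umask, fixed for repeatability
    try:
        with tempfile.TemporaryDirectory() as d:
            racy_path = os.path.join(d, "id_racy")
            racy = write_key_racy(racy_path, CONSTRUCTED_KEY)
            safe = write_key_atomic(os.path.join(d, "id_safe"), CONSTRUCTED_KEY)
            final_racy = stat.S_IMODE(os.stat(racy_path).st_mode)
    finally:
        os.umask(old_umask)
    return racy, safe, final_racy


if __name__ == "__main__":
    print([oct(m) for m in demo()])
```

Both files end up 0600; the difference is the mode each one had at the moment it was created, which is what an audit of key-writing code should check.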