* [Buildroot] [PATCH 1/1] package/python-future: security bump to version 0.18.3
@ 2023-01-20 19:29 Fabrice Fontaine
2023-01-26 16:10 ` Peter Korsgaard
2023-02-05 23:01 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2023-01-20 19:29 UTC (permalink / raw)
To: buildroot; +Cc: Louis Aussedat, Fabrice Fontaine, Asaf Kahlon
Fix CVE-2022-40899: An issue discovered in Python Charmers Future 0.18.2
and earlier allows remote attackers to cause a denial of service via
crafted Set-Cookie header from malicious web server.
https://github.com/PythonCharmers/python-future/releases/tag/v0.18.3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/python-future/python-future.hash | 6 +++---
package/python-future/python-future.mk | 4 ++--
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/python-future/python-future.hash b/package/python-future/python-future.hash
index 4fb5d2a2d7..3b2bbb0212 100644
--- a/package/python-future/python-future.hash
+++ b/package/python-future/python-future.hash
@@ -1,5 +1,5 @@
-# md5, sha256 from https://pypi.python.org/pypi/future/json
-md5 e4579c836b9c025872efe230f6270349 future-0.18.2.tar.gz
-sha256 b1bead90b70cf6ec3f0710ae53a525360fa360d306a86583adc6bf83a4db537d future-0.18.2.tar.gz
+# md5, sha256 from https://pypi.org/pypi/future/json
+md5 dedcb70d14b23388670d54145aab8be4 future-0.18.3.tar.gz
+sha256 34a17436ed1e96697a86f9de3d15a3b0be01d8bc8de9c1dffd59fb8234ed5307 future-0.18.3.tar.gz
# Locally computed sha256 checksums
sha256 916e561392d48471b9c23437f56e2652f320cb3b119ceaa162edf41016f746b9 LICENSE.txt
diff --git a/package/python-future/python-future.mk b/package/python-future/python-future.mk
index 76f32180ac..57bf13d83b 100644
--- a/package/python-future/python-future.mk
+++ b/package/python-future/python-future.mk
@@ -4,9 +4,9 @@
#
################################################################################
-PYTHON_FUTURE_VERSION = 0.18.2
+PYTHON_FUTURE_VERSION = 0.18.3
PYTHON_FUTURE_SOURCE = future-$(PYTHON_FUTURE_VERSION).tar.gz
-PYTHON_FUTURE_SITE = https://files.pythonhosted.org/packages/45/0b/38b06fd9b92dc2b68d58b75f900e97884c45bedd2ff83203d933cf5851c9
+PYTHON_FUTURE_SITE = https://files.pythonhosted.org/packages/8f/2e/cf6accf7415237d6faeeebdc7832023c90e0282aa16fd3263db0eb4715ec
PYTHON_FUTURE_SETUP_TYPE = setuptools
PYTHON_FUTURE_LICENSE = MIT
PYTHON_FUTURE_LICENSE_FILES = LICENSE.txt
--
2.39.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/python-future: security bump to version 0.18.3
2023-01-20 19:29 [Buildroot] [PATCH 1/1] package/python-future: security bump to version 0.18.3 Fabrice Fontaine
@ 2023-01-26 16:10 ` Peter Korsgaard
2023-02-05 23:01 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2023-01-26 16:10 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Louis Aussedat, Asaf Kahlon, buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Fix CVE-2022-40899: An issue discovered in Python Charmers Future 0.18.2
> and earlier allows remote attackers to cause a denial of service via
> crafted Set-Cookie header from malicious web server.
> https://github.com/PythonCharmers/python-future/releases/tag/v0.18.3
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/python-future: security bump to version 0.18.3
2023-01-20 19:29 [Buildroot] [PATCH 1/1] package/python-future: security bump to version 0.18.3 Fabrice Fontaine
2023-01-26 16:10 ` Peter Korsgaard
@ 2023-02-05 23:01 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2023-02-05 23:01 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Louis Aussedat, Asaf Kahlon, buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Fix CVE-2022-40899: An issue discovered in Python Charmers Future 0.18.2
> and earlier allows remote attackers to cause a denial of service via
> crafted Set-Cookie header from malicious web server.
> https://github.com/PythonCharmers/python-future/releases/tag/v0.18.3
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2022.11.x and 2022.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-02-05 23:01 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-20 19:29 [Buildroot] [PATCH 1/1] package/python-future: security bump to version 0.18.3 Fabrice Fontaine
2023-01-26 16:10 ` Peter Korsgaard
2023-02-05 23:01 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.