| Message ID | 20230120192952.8159-1-fontaine.fabrice@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/1] package/python-future: security bump to version 0.18.3 | expand |
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > Fix CVE-2022-40899: An issue discovered in Python Charmers Future 0.18.2 > and earlier allows remote attackers to cause a denial of service via > crafted Set-Cookie header from malicious web server. > https://github.com/PythonCharmers/python-future/releases/tag/v0.18.3 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed, thanks.
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > Fix CVE-2022-40899: An issue discovered in Python Charmers Future 0.18.2 > and earlier allows remote attackers to cause a denial of service via > crafted Set-Cookie header from malicious web server. > https://github.com/PythonCharmers/python-future/releases/tag/v0.18.3 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed to 2022.11.x and 2022.02.x, thanks.
diff --git a/package/python-future/python-future.hash b/package/python-future/python-future.hash index 4fb5d2a2d7..3b2bbb0212 100644 --- a/package/python-future/python-future.hash +++ b/package/python-future/python-future.hash @@ -1,5 +1,5 @@ -# md5, sha256 from https://pypi.python.org/pypi/future/json -md5 e4579c836b9c025872efe230f6270349 future-0.18.2.tar.gz -sha256 b1bead90b70cf6ec3f0710ae53a525360fa360d306a86583adc6bf83a4db537d future-0.18.2.tar.gz +# md5, sha256 from https://pypi.org/pypi/future/json +md5 dedcb70d14b23388670d54145aab8be4 future-0.18.3.tar.gz +sha256 34a17436ed1e96697a86f9de3d15a3b0be01d8bc8de9c1dffd59fb8234ed5307 future-0.18.3.tar.gz # Locally computed sha256 checksums sha256 916e561392d48471b9c23437f56e2652f320cb3b119ceaa162edf41016f746b9 LICENSE.txt diff --git a/package/python-future/python-future.mk b/package/python-future/python-future.mk index 76f32180ac..57bf13d83b 100644 --- a/package/python-future/python-future.mk +++ b/package/python-future/python-future.mk @@ -4,9 +4,9 @@ # ################################################################################ -PYTHON_FUTURE_VERSION = 0.18.2 +PYTHON_FUTURE_VERSION = 0.18.3 PYTHON_FUTURE_SOURCE = future-$(PYTHON_FUTURE_VERSION).tar.gz -PYTHON_FUTURE_SITE = https://files.pythonhosted.org/packages/45/0b/38b06fd9b92dc2b68d58b75f900e97884c45bedd2ff83203d933cf5851c9 +PYTHON_FUTURE_SITE = https://files.pythonhosted.org/packages/8f/2e/cf6accf7415237d6faeeebdc7832023c90e0282aa16fd3263db0eb4715ec PYTHON_FUTURE_SETUP_TYPE = setuptools PYTHON_FUTURE_LICENSE = MIT PYTHON_FUTURE_LICENSE_FILES = LICENSE.txt
Fix CVE-2022-40899: An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server. https://github.com/PythonCharmers/python-future/releases/tag/v0.18.3 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- package/python-future/python-future.hash | 6 +++--- package/python-future/python-future.mk | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-)