diff mbox series

[meta-python,1/2] python3-m2crypto: ignore CVE-2009-0127

Message ID 20260107113343.2238185-1-skandigraun@gmail.com
State Under Review
Headers show
Series [meta-python,1/2] python3-m2crypto: ignore CVE-2009-0127 | expand

Commit Message

Gyorgy Sarvari Jan. 7, 2026, 11:33 a.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2009-0127

The vulnerability is disputed[1] by upstream:
"There is no vulnerability in M2Crypto. Nowhere in the functions
are the return values of OpenSSL functions interpreted incorrectly.
The functions provide an interface to their users that may be
considered confusing, but is not incorrect, nor it is a vulnerability."

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0127

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb b/meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb
index 9aac7b344f..efb6c79fa7 100644
--- a/meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb
+++ b/meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb
@@ -12,6 +12,8 @@  SRC_URI += " \
           file://0002-fix-correct-struct-packing-on-32-bit-with-_TIME_BITS.patch \
 "
 
+CVE_STATUS[CVE-2009-0127] = "disputed: upstream claims there is no bug"
+
 inherit pypi siteinfo python_setuptools_build_meta
 
 DEPENDS += "openssl swig-native"