diff mbox series

[meta-python,scarthgap,08/10] python3-m2crypto: mark CVE-2020-25657 as patched

Message ID 20260123170221.671471-8-skandigraun@gmail.com
State New
Headers show
Series [meta-python,scarthgap,01/10] python3-django: upgrade 4.2.20 -> 4.2.27 | expand

Commit Message

Gyorgy Sarvari Jan. 23, 2026, 5:02 p.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-25657

The commit[1] that fixes the vulnerability has been part of the
package since version 0.39.0

[1]: https://git.sr.ht/~mcepl/m2crypto/commit/84c53958def0f510e92119fca14d74f94215827a

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ba6468f7a09bf8e268ea5ac7939925c362ead876)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-python/recipes-devtools/python/python3-m2crypto_0.40.1.bb | 1 +
 1 file changed, 1 insertion(+)
diff mbox series

Patch

diff --git a/meta-python/recipes-devtools/python/python3-m2crypto_0.40.1.bb b/meta-python/recipes-devtools/python/python3-m2crypto_0.40.1.bb
index 95c57d5d48..736399c9d2 100644
--- a/meta-python/recipes-devtools/python/python3-m2crypto_0.40.1.bb
+++ b/meta-python/recipes-devtools/python/python3-m2crypto_0.40.1.bb
@@ -17,6 +17,7 @@  PYPI_PACKAGE = "M2Crypto"
 inherit pypi siteinfo setuptools3
 
 CVE_STATUS[CVE-2009-0127] = "disputed: upstream claims there is no bug"
+CVE_STATUS[CVE-2020-25657] = "fixed-version: the used version (0.40.1) contains the fix already"
 
 DEPENDS += "openssl swig-native"
 RDEPENDS:${PN} += "\