diff options
| author | Zhixiong Chi <zhixiong.chi@windriver.com> | 2017-06-15 14:05:02 +0800 | 
|---|---|---|
| committer | Martin Jansa <Martin.Jansa@gmail.com> | 2017-06-19 19:29:37 +0200 | 
| commit | a3bd8e6b3d664d050fe7590869d108002973ad7a (patch) | |
| tree | 8a26f9fcfa77f31b6ef1ab833e1f9a9e8732f427 /meta-python/recipes-devtools/python/python-matplotlib/fix_setupext.patch | |
| parent | d3dd8bc3721f3958eb7ddeb026f7221d48daa986 (diff) | |
| download | meta-openembedded-a3bd8e6b3d664d050fe7590869d108002973ad7a.tar.gz | |
mercurial: CVE-2017-9462
Backport the CVE patch from
https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499
"hg serve --stdio" allows remote authenticated users to launch the
Python debugger, and consequently execute arbitrary code, by using
 --debugger as a repository name.
CVE: CVE-2017-9462
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python-matplotlib/fix_setupext.patch')
0 files changed, 0 insertions, 0 deletions
