-
Notifications
You must be signed in to change notification settings - Fork 567
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[AUTO-CHERRYPICK] [Medium] patch m2crypto to fix CVE-2019-11358 - bra…
…nch 3.0-dev (#12195) Co-authored-by: jykanase <[email protected]>
- Loading branch information
1 parent
a0afb4f
commit e806263
Showing
2 changed files
with
33 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| From d3e8292d3c2ac5e78ee4f8cf7ea00241335159b4 Mon Sep 17 00:00:00 2001 | ||
| From: jykanase <[email protected]> | ||
| Date: Wed, 29 Jan 2025 13:46:24 +0000 | ||
| Subject: [PATCH] CVE-2019-11358 | ||
|
|
||
| Source Link: https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b | ||
| --- | ||
| doc/html/_static/jquery-3.2.1.js | 3 ++- | ||
| 1 file changed, 2 insertions(+), 1 deletion(-) | ||
|
|
||
| diff --git a/doc/html/_static/jquery-3.2.1.js b/doc/html/_static/jquery-3.2.1.js | ||
| index d2d8ca4..8bbd717 100644 | ||
| --- a/doc/html/_static/jquery-3.2.1.js | ||
| +++ b/doc/html/_static/jquery-3.2.1.js | ||
| @@ -229,8 +229,9 @@ jQuery.extend = jQuery.fn.extend = function() { | ||
| src = target[ name ]; | ||
| copy = options[ name ]; | ||
|
|
||
| + // Prevent Object.prototype pollution | ||
| // Prevent never-ending loop | ||
| - if ( target === copy ) { | ||
| + if ( name === "__proto__" || target === copy ) { | ||
| continue; | ||
| } | ||
|
|
||
| -- | ||
| 2.45.2 | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| Summary: Crypto and SSL toolkit for Python | ||
| Name: m2crypto | ||
| Version: 0.38.0 | ||
| Release: 3%{?dist} | ||
| Release: 4%{?dist} | ||
| License: MIT | ||
| Vendor: Microsoft Corporation | ||
| Distribution: Azure Linux | ||
|
|
@@ -10,6 +10,7 @@ URL: https://pypi.python.org/pypi/M2Crypto | |
| Source0: https://files.pythonhosted.org/packages/2c/52/c35ec79dd97a8ecf6b2bbd651df528abb47705def774a4a15b99977274e8/M2Crypto-%{version}.tar.gz | ||
| Patch0: 0001-skip-test_tls1_nok-which-cant-be-run-in-FIPS.patch | ||
| Patch1: CVE-2020-25657.patch | ||
| Patch2: CVE-2019-11358.patch | ||
|
|
||
| %description | ||
| M2Crypto is a crypto and SSL toolkit for Python | ||
|
|
@@ -57,6 +58,9 @@ pip3 install parameterized | |
| %{python3_sitelib}/* | ||
|
|
||
| %changelog | ||
| * Wed Jan 29 2025 Jyoti Kanase <[email protected]> - 0.38.0-4 | ||
| - Fix CVE-2019-11358 | ||
|
|
||
| * Tue Aug 16 2022 Muhammad Falak <[email protected]> - 0.38.0-3 | ||
| - Patch CVE-2020-25657 | ||
|
|
||
|
|
||