aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Peter Korsgaard <peter@korsgaard.com>2020-11-18 16:47:42 +0100
committerGravatar Peter Korsgaard <peter@korsgaard.com>2020-11-20 18:18:30 +0100
commitc356b20ba8afa79b08fc3d30a1c3f60d9f3c6f65 (patch)
tree5fe133b839c27afbf4ba7b129b9b4b23de1d9aab
parentff60c4c533096f8fd69c31d9f57ed1daa596d08a (diff)
downloadbuildroot-c356b20ba8afa79b08fc3d30a1c3f60d9f3c6f65.tar.gz
buildroot-c356b20ba8afa79b08fc3d30a1c3f60d9f3c6f65.tar.bz2
package/python-flask-cors: security bump to version 3.0.9
Fixes the following security issue: - CVE-2020-25032: An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. Also drop outdated md5 checksum and fix .hash indentation. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r--package/python-flask-cors/python-flask-cors.hash7
-rw-r--r--package/python-flask-cors/python-flask-cors.mk4
2 files changed, 5 insertions, 6 deletions
diff --git a/package/python-flask-cors/python-flask-cors.hash b/package/python-flask-cors/python-flask-cors.hash
index a893b7c890..15b7d41a32 100644
--- a/package/python-flask-cors/python-flask-cors.hash
+++ b/package/python-flask-cors/python-flask-cors.hash
@@ -1,5 +1,4 @@
-# md5, sha256 from https://pypi.org/pypi/flask-cors/json
-md5 551cc4c0305a171d28caa2b3bc838867 Flask-Cors-3.0.8.tar.gz
-sha256 72170423eb4612f0847318afff8c247b38bd516b7737adfc10d1c2cdbb382d16 Flask-Cors-3.0.8.tar.gz
+# sha256 from https://pypi.org/pypi/flask-cors/json
+sha256 6bcfc100288c5d1bcb1dbb854babd59beee622ffd321e444b05f24d6d58466b8 Flask-Cors-3.0.9.tar.gz
# Locally computed sha256 checksums
-sha256 6e1a1bdc54834c1e0740cbce5d5f6f2cae1c846fd2a7f482b11649594fafbd5d LICENSE
+sha256 6e1a1bdc54834c1e0740cbce5d5f6f2cae1c846fd2a7f482b11649594fafbd5d LICENSE
diff --git a/package/python-flask-cors/python-flask-cors.mk b/package/python-flask-cors/python-flask-cors.mk
index 60454e27c4..d712109002 100644
--- a/package/python-flask-cors/python-flask-cors.mk
+++ b/package/python-flask-cors/python-flask-cors.mk
@@ -4,9 +4,9 @@
#
################################################################################
-PYTHON_FLASK_CORS_VERSION = 3.0.8
+PYTHON_FLASK_CORS_VERSION = 3.0.9
PYTHON_FLASK_CORS_SOURCE = Flask-Cors-$(PYTHON_FLASK_CORS_VERSION).tar.gz
-PYTHON_FLASK_CORS_SITE = https://files.pythonhosted.org/packages/9e/11/ca8b95c5bf9644471601e425f0de8cbd09a506bb6c24842cb17a6cd1eea8
+PYTHON_FLASK_CORS_SITE = https://files.pythonhosted.org/packages/99/fc/cd117ea122e28037a5ec60356a7ffae8b77af527713f7b5e4eb63089f669
PYTHON_FLASK_CORS_SETUP_TYPE = setuptools
PYTHON_FLASK_CORS_LICENSE = MIT
PYTHON_FLASK_CORS_LICENSE_FILES = LICENSE