import UBI python3.12-PyMySQL-1.1.0-3.el8_10
This commit is contained in:
parent
47f6dbb4d4
commit
6098227da9
17
SOURCES/CVE-2024-36039.patch
Normal file
17
SOURCES/CVE-2024-36039.patch
Normal file
@ -0,0 +1,17 @@
|
||||
diff --git a/pymysql/converters.py b/pymysql/converters.py
|
||||
index 1adac75..dbf97ca 100644
|
||||
--- a/pymysql/converters.py
|
||||
+++ b/pymysql/converters.py
|
||||
@@ -27,11 +27,7 @@ def escape_item(val, charset, mapping=None):
|
||||
|
||||
|
||||
def escape_dict(val, charset, mapping=None):
|
||||
- n = {}
|
||||
- for k, v in val.items():
|
||||
- quoted = escape_item(v, charset, mapping)
|
||||
- n[k] = quoted
|
||||
- return n
|
||||
+ raise TypeError("dict can not be used as parameter")
|
||||
|
||||
|
||||
def escape_sequence(val, charset, mapping=None):
|
@ -5,7 +5,7 @@
|
||||
|
||||
Name: python%{python3_pkgversion}-%{pypi_name}
|
||||
Version: 1.1.0
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Summary: Pure-Python MySQL client library
|
||||
|
||||
License: MIT
|
||||
@ -13,6 +13,11 @@ URL: https://pypi.python.org/pypi/%{pypi_name}/
|
||||
Source0: %pypi_source
|
||||
Source1: setup.py
|
||||
|
||||
# Security fix for CVE-2024-36039: SQL injection if used with untrusted JSON input
|
||||
# Resolved upstream: https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c
|
||||
# Tracking bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2282821
|
||||
Patch0: CVE-2024-36039.patch
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
BuildRequires: python%{python3_pkgversion}-devel
|
||||
@ -35,7 +40,7 @@ and Jython.
|
||||
|
||||
|
||||
%prep
|
||||
%setup -qn %{pypi_name}-%{version}
|
||||
%autosetup -n %{pypi_name}-%{version} -p1
|
||||
rm -rf %{pypi_name}.egg-info
|
||||
# Remove tests files so they are not installed globally.
|
||||
rm -rf tests
|
||||
@ -62,6 +67,10 @@ cp %{SOURCE1} .
|
||||
%{python3_sitelib}/pymysql/
|
||||
|
||||
%changelog
|
||||
* Fri May 31 2024 Charalampos Stratakis <cstratak@redhat.com> - 1.1.0-3
|
||||
- Security fix for CVE-2024-36039
|
||||
Resolves: RHEL-38366
|
||||
|
||||
* Tue Jan 23 2024 Miro Hrončok <mhroncok@redhat.com> - 1.1.0-2
|
||||
- Rebuilt for timestamp .pyc invalidation mode
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user