Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
PUBLIC_REPOS
/
buildroot
-ын хуулбар git://git.buildroot.net/buildroot
2
1
Салаа 0
Файлууд
Эх сурвалжийг харах

package/python-starlette: security bump to v0.47.2

For release note, see:
https://github.com/encode/starlette/releases/tag/0.47.2

This fixes the following vulnerability:

- CVE-2025-54121:
    Starlette is a lightweight ASGI (Asynchronous Server Gateway
    Interface) framework/toolkit, designed for building async web services
    in Python. In versions 0.47.1 and below, when parsing a multi-part
    form with large files (greater than the default max spool size)
    starlette will block the main thread to roll the file over to disk.
    This blocks the event thread which means the application can't accept
    new connections. The UploadFile code has a minor bug where instead of
    just checking for self._in_memory, the logic should also check if the
    additional bytes will cause a rollover. The vulnerability is fixed in
    version 0.47.2.
    https://www.cve.org/CVERecord?id=CVE-2025-54121

Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Reviewed-by: Marcus Hoffmann <buildroot@bubu1.eu>
[Julien: add link to release note]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Titouan Christophe 1 долоо хоног өмнө
parent
1471c9b421
commit
8945ea3e67
2 өөрчлөгдсөн 4 нэмэгдсэн , 4 устгасан
Өөрчлөлтийг ялгаж харах Өөрчлөлтийн статистик харах
  1. 2 2
      package/python-starlette/python-starlette.hash
  2. 2 2
      package/python-starlette/python-starlette.mk

+ 2 - 2
package/python-starlette/python-starlette.hash
Файл харах 

@@ -1,5 +1,5 @@
 
 # md5, sha256 from https://pypi.org/pypi/starlette/json
 
-md5  b876ddd8665f70bb74e45d1fda053699  starlette-0.47.1.tar.gz
 
-sha256  aef012dd2b6be325ffa16698f9dc533614fb1cebd593a906b90dc1025529a79b  starlette-0.47.1.tar.gz
 
+md5  b58c9f8d38df9946689cb3e9f94555da  starlette-0.47.2.tar.gz
 
+sha256  6ae9aa5db235e4846decc1e7b79c4f346adf41e9777aebeb49dfd09bbd7023d8  starlette-0.47.2.tar.gz
 
 # Locally computed sha256 checksums
 
 sha256  dcb95677a02240243187e964f941847d19b17821cf99e5afae684fab328c19bf  LICENSE.md

+ 2 - 2
package/python-starlette/python-starlette.mk
Файл харах 

@@ -4,9 +4,9 @@
 
 #
 
 ################################################################################
 
 
-PYTHON_STARLETTE_VERSION = 0.47.1
 
+PYTHON_STARLETTE_VERSION = 0.47.2
 
 PYTHON_STARLETTE_SOURCE = starlette-$(PYTHON_STARLETTE_VERSION).tar.gz
 
-PYTHON_STARLETTE_SITE = https://files.pythonhosted.org/packages/0a/69/662169fdb92fb96ec3eaee218cf540a629d629c86d7993d9651226a6789b
 
+PYTHON_STARLETTE_SITE = https://files.pythonhosted.org/packages/04/57/d062573f391d062710d4088fa1369428c38d51460ab6fedff920efef932e
 
 PYTHON_STARLETTE_SETUP_TYPE = hatch
 
 PYTHON_STARLETTE_LICENSE = BSD-3-Clause
 
 PYTHON_STARLETTE_LICENSE_FILES = LICENSE.md