Message ID | 20240105194343.1832287-1-trini@konsulko.com |
---|---|
State | Accepted |
Commit | a300ac3851440906a3934915bd12db2b96987a6a |
Delegated to: | Tom Rini |
Headers | show |
Series | test.py: Update pycryptodomex to address CVE-2023-52323 | expand |
On Fri, Jan 05, 2024 at 02:43:43PM -0500, Tom Rini wrote: > The version of pycryptodomex that we use is vulnerable to this CVE. > While not likely an issue for us, let us upgrade to be on the safe side. > > Reported-by: GitHub dependabot > Signed-off-by: Tom Rini <trini@konsulko.com> Applied to u-boot/master, thanks!
diff --git a/test/py/requirements.txt b/test/py/requirements.txt index f7e76bdb9181..07348b61596f 100644 --- a/test/py/requirements.txt +++ b/test/py/requirements.txt @@ -12,7 +12,7 @@ packaging==21.3 pbr==5.4.3 pluggy==0.13.0 py==1.10.0 -pycryptodomex==3.9.8 +pycryptodomex==3.19.1 pyelftools==0.27 pygit2==1.9.2 pyparsing==3.0.7
The version of pycryptodomex that we use is vulnerable to this CVE. While not likely an issue for us, let us upgrade to be on the safe side. Reported-by: GitHub dependabot Signed-off-by: Tom Rini <trini@konsulko.com> --- test/py/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)