package/python-paramiko: security bump to version 2.10.3
Fix CVE-2022-24302: Creation of new private key files using PKey subclasses was subject to a race condition between file creation & mode modification, which could be exploited by an attacker with knowledge of where the Paramiko-using code would write out such files. https://github.com/paramiko/paramiko/blob/2.10.3/sites/www/changelog.rst Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Fabrice Fontaine
Peter Korsgaard
parent
a7fa40a9c1
commit
ae699d7f9a
package/python-paramiko
@ -1,5 +1,5 @@
|
||||
# md5, sha256 from https://pypi.org/pypi/paramiko/json
|
||||
md5 44136d79da4cd7619e368018ad022619 paramiko-2.7.2.tar.gz
|
||||
sha256 7f36f4ba2c0d81d219f4595e35f70d56cc94f9ac40a6acdf51d6ca210ce65035 paramiko-2.7.2.tar.gz
|
||||
md5 6e47947882e2c1b81f35b4133e8e62b9 paramiko-2.10.3.tar.gz
|
||||
sha256 ddb1977853aef82804b35d72a0e597b244fa326c404c350bd00c5b01dbfee71a paramiko-2.10.3.tar.gz
|
||||
# Locally computed sha256 checksums
|
||||
sha256 5fa25bf5f395fd26e701c2e1de4ca7d162816986dc791c22f8f4226857ad1bb2 LICENSE
|
||||
|
||||
@ -4,9 +4,9 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
PYTHON_PARAMIKO_VERSION = 2.7.2
|
||||
PYTHON_PARAMIKO_VERSION = 2.10.3
|
||||
PYTHON_PARAMIKO_SOURCE = paramiko-$(PYTHON_PARAMIKO_VERSION).tar.gz
|
||||
PYTHON_PARAMIKO_SITE = https://files.pythonhosted.org/packages/cf/a1/20d00ce559a692911f11cadb7f94737aca3ede1c51de16e002c7d3a888e0
|
||||
PYTHON_PARAMIKO_SITE = https://files.pythonhosted.org/packages/d4/93/1a1eb7f214e6774099d56153db9e612f93cb8ffcdfd2eca243fcd5bb3a78
|
||||
PYTHON_PARAMIKO_SETUP_TYPE = setuptools
|
||||
PYTHON_PARAMIKO_LICENSE = LGPL-2.1+
|
||||
PYTHON_PARAMIKO_LICENSE_FILES = LICENSE
|
||||
|
||||
Loading…
Reference in New Issue
Block a user