[Buildroot] [PATCH] package/python-flask-cors: security bump to version 3.0.9

Peter Korsgaard peter at korsgaard.com
Sun Dec 6 22:26:31 UTC 2020


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issue:
 > - CVE-2020-25032: An issue was discovered in Flask-CORS (aka CORS Middleware
 >   for Flask) before 3.0.9.  It allows ../ directory traversal to access
 >   private resources because resource matching does not ensure that pathnames
 >   are in a canonical format.

 > Also drop outdated md5 checksum and fix .hash indentation.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2020.02.x and 2020.08.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list