[Buildroot] [git commit] package/python-flask: security bump to version 3.1.1

Peter Korsgaard peter at korsgaard.com
Fri May 16 11:55:09 UTC 2025 

commit: https://git.buildroot.net/buildroot/commit/?id=45439ae262aeb0cf720815c5a7b541467a39a60c
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

Fixes the following security issues:

- CVE-2025-47278: In Flask 3.1.0, the way fallback key configuration was
    handled resulted in the last fallback key being used for signing,
    rather than the current signing key.

For more information, see:
  - https://nvd.nist.gov/vuln/detail/CVE-2025-47278
  - https://github.com/pallets/flask/commit/73d6504063bfa00666a92b07a28aaf906c532f09

For more details on the version bump, see the release notes:
  - https://github.com/pallets/flask/releases/tag/3.1.1

Signed-off-by: Thomas Perale <thomas.perale at mind.be>
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 package/python-flask/python-flask.hash | 4 ++--
 package/python-flask/python-flask.mk   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/python-flask/python-flask.hash b/package/python-flask/python-flask.hash
index 97982f99d5..17564e8587 100644
--- a/package/python-flask/python-flask.hash
+++ b/package/python-flask/python-flask.hash
@@ -1,6 +1,6 @@
 # md5, sha256 from https://pypi.org/pypi/flask/json
-md5  c95d81666442bf04f7de7db7edbe2aff  flask-3.1.0.tar.gz
-sha256  5f873c5184c897c8d9d1b05df1e3d01b14910ce69607a117bd3277098a5836ac  flask-3.1.0.tar.gz
+md5  59dc1b0772bab098aff83e8008e97af6  flask-3.1.1.tar.gz
+sha256  284c7b8f2f58cb737f0cf1c30fd7eaf0ccfcde196099d24ecede3fc2005aa59e  flask-3.1.1.tar.gz
 # Locally computed sha256 checksums
 sha256  489a8e1108509ed98a37bb983e11e0f7e1d31f0bd8f99a79c8448e7ff37d07ea  LICENSE.txt
 sha256  1e07e9c25f2618a040560b70e63f42259eab24e558d0f3532e6163d751cb4eea  docs/license.rst
diff --git a/package/python-flask/python-flask.mk b/package/python-flask/python-flask.mk
index d44c2e68ef..2269b05d29 100644
--- a/package/python-flask/python-flask.mk
+++ b/package/python-flask/python-flask.mk
@@ -4,9 +4,9 @@
 #
 ################################################################################
 
-PYTHON_FLASK_VERSION = 3.1.0
+PYTHON_FLASK_VERSION = 3.1.1
 PYTHON_FLASK_SOURCE = flask-$(PYTHON_FLASK_VERSION).tar.gz
-PYTHON_FLASK_SITE = https://files.pythonhosted.org/packages/89/50/dff6380f1c7f84135484e176e0cac8690af72fa90e932ad2a0a60e28c69b
+PYTHON_FLASK_SITE = https://files.pythonhosted.org/packages/c0/de/e47735752347f4128bcf354e0da07ef311a78244eba9e3dc1d4a5ab21a98
 PYTHON_FLASK_SETUP_TYPE = flit
 PYTHON_FLASK_LICENSE = BSD-3-Clause
 PYTHON_FLASK_LICENSE_FILES = LICENSE.txt docs/license.rst

More information about the buildroot mailing list