Skip to content

Commit e806263

Browse files
CBL-Mariner-Botjykanase
CBL-Mariner-Bot
and
jykanase
authored
[AUTO-CHERRYPICK] [Medium] patch m2crypto to fix CVE-2019-11358 - branch 3.0-dev (#12195)
Co-authored-by: jykanase <v-jykanase@microsoft.com>
1 parent a0afb4f commit e806263

2 files changed

Lines changed: 33 additions & 1 deletion

File tree

SPECS/m2crypto/CVE-2019-11358.patch

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,28 @@
1+
From d3e8292d3c2ac5e78ee4f8cf7ea00241335159b4 Mon Sep 17 00:00:00 2001
2+
From: jykanase <v-jykanase@microsoft.com>
3+
Date: Wed, 29 Jan 2025 13:46:24 +0000
4+
Subject: [PATCH] CVE-2019-11358
5+
6+
Source Link: https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
7+
---
8+
doc/html/_static/jquery-3.2.1.js | 3 ++-
9+
1 file changed, 2 insertions(+), 1 deletion(-)
10+
11+
diff --git a/doc/html/_static/jquery-3.2.1.js b/doc/html/_static/jquery-3.2.1.js
12+
index d2d8ca4..8bbd717 100644
13+
--- a/doc/html/_static/jquery-3.2.1.js
14+
+++ b/doc/html/_static/jquery-3.2.1.js
15+
@@ -229,8 +229,9 @@ jQuery.extend = jQuery.fn.extend = function() {
16+
src = target[ name ];
17+
copy = options[ name ];
18+
19+
+ // Prevent Object.prototype pollution
20+
// Prevent never-ending loop
21+
- if ( target === copy ) {
22+
+ if ( name === "__proto__" || target === copy ) {
23+
continue;
24+
}
25+
26+
--
27+
2.45.2
28+

SPECS/m2crypto/m2crypto.spec

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
Summary: Crypto and SSL toolkit for Python
22
Name: m2crypto
33
Version: 0.38.0
4-
Release: 3%{?dist}
4+
Release: 4%{?dist}
55
License: MIT
66
Vendor: Microsoft Corporation
77
Distribution: Azure Linux
@@ -10,6 +10,7 @@ URL: https://pypi.python.org/pypi/M2Crypto
1010
Source0: https://files.pythonhosted.org/packages/2c/52/c35ec79dd97a8ecf6b2bbd651df528abb47705def774a4a15b99977274e8/M2Crypto-%{version}.tar.gz
1111
Patch0: 0001-skip-test_tls1_nok-which-cant-be-run-in-FIPS.patch
1212
Patch1: CVE-2020-25657.patch
13+
Patch2: CVE-2019-11358.patch
1314

1415
%description
1516
M2Crypto is a crypto and SSL toolkit for Python
@@ -57,6 +58,9 @@ pip3 install parameterized
5758
%{python3_sitelib}/*
5859

5960
%changelog
61+
* Wed Jan 29 2025 Jyoti Kanase <v-jykanase@microsoft.com> - 0.38.0-4
62+
- Fix CVE-2019-11358
63+
6064
* Tue Aug 16 2022 Muhammad Falak <mwani@microsoft.com> - 0.38.0-3
6165
- Patch CVE-2020-25657
6266

0 commit comments

Comments
 (0)