Ignore DoS in python stdlib when reading from malicious HTTP server

Not important enough to risk updating past python 3.11. Will be fixed if
and when a fixed version of python 3.11 is released.
This commit is contained in:
Kovid Goyal 2025-12-04 15:12:23 +05:30
parent 1b0a7b6c8c
commit bf51250406
No known key found for this signature in database
GPG Key ID: 06BC317B515ACE7C


@ -167,8 +167,9 @@ def install_grype() -> str:
IGNORED_DEPENDENCY_CVES = [
# Python stdlib
'CVE-2025-8194', # DoS in tarfile
'CVE-2025-6069', # DoS in HTMLParser
'CVE-2025-8194', # DoS in tarfile
'CVE-2025-6069', # DoS in HTMLParser
'CVE-2025-13836', # DoS in http client reading from malicious server
# glib
'CVE-2025-4056', # Only affects Windows, on which we dont use glib
# libtiff