On Fri May 8, 2026 at 1:01 AM CEST, Yoann Congal wrote:
> On Mon Apr 27, 2026 at 8:04 AM CEST, Jiaying (CN) Song wrote:
>> Hi Yoann, 
>>
>> This patch is for scarthgap where pyasn1 is at 0.5.1. The 0.6.2 -> 0.6.3 
>> upgrade would only apply to master. According to 
>> https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r , 
>> all versions <= 0.6.2 are affected, so for scarthgap, this patch is still 
>> needed to fix the CVE.
>
> Yes, agreed but the trouble was that is was not fixed on master and,
> therefore, could not be fixed on scarthgap.
>
> Now the situation has changed, it is fixed on master by upgrading to
> 0.6.3 but wrynose is now vulnerable.
> Can you send a fix to wrynose? I can't merge a fix to scarthgap without
> one for wrynose.

Hello,

I will now drop this patch. If the above situation changes, please send
a new patch.

Regards,
-- 
Yoann Congal
Smile ECS

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#240239): 
https://lists.openembedded.org/g/openembedded-core/message/240239
Mute This Topic: https://lists.openembedded.org/mt/118738401/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to