| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| install-layout.diff | no | |||||
| multiarch-extname.diff | no | |||||
| no-sphinx-rst.linker.diff | no | |||||
| fix-changes-link.diff | no | |||||
| no-SOURCES.txt-in-egg-ingo.diff | =================================================================== | no | ||||
| reproducible.diff | no | |||||
| sorted-requires.diff | no | |||||
| PKG-INFO-output-reproducible.diff | no | |||||
| no-sidebar.diff | no | |||||
| no-sphinx-inline-tabs.diff | no | |||||
| no-sphinx-towncrier.diff | no | |||||
| no-sphinx-jaraco-tidelift.diff | no | |||||
| sphinx-theme.diff | no | |||||
| no-sphinx-custom-icons.diff | no | |||||
| no-sphinx-hoverxref.diff | no | |||||
| CVE-2024-6345.patch | [PATCH 01/10] .. [PATCH 10/10] Modernize package_index VCS handling The issue is a possible remote code execution by supplying malicious URLs in a package index or via the command line. The issue boils down to unsafe use of os.system. Because easy_install and package_index are deprecated, the attack surface is smaller, but it's conceivable through social engineering or minor compromise to a package index could grant remote access. The fix was released in v70.0.0. |
"Jason R. Coombs" <jaraco@jaraco.com> | yes | upstream | https://github.com/pypa/setuptools/pull/4332 | 2024-04-29 |