From 94c7d2765f9cc06def5142d0bb32058704bfb212 Mon Sep 17 00:00:00 2001
From: Jordan Williams <jordan@jwillikers.com>
Date: Sat, 30 Mar 2024 07:52:46 -0500
Subject: [PATCH] cpython: Downgrade xz_utils to mitigate CVE-2024-3094
 (#23313)

See #23310.
---
 recipes/cpython/all/conanfile.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/recipes/cpython/all/conanfile.py b/recipes/cpython/all/conanfile.py
index 160fe6920a426..2c579fc71772b 100644
--- a/recipes/cpython/all/conanfile.py
+++ b/recipes/cpython/all/conanfile.py
@@ -134,7 +134,7 @@ def requirements(self):
             # https://github.com/python/cpython/blob/v3.10.13/Include/py_curses.h#L34
             self.requires("ncurses/6.4", transitive_headers=True, transitive_libs=True)
         if self.options.get_safe("with_lzma", False):
-            self.requires("xz_utils/5.6.1")
+            self.requires("xz_utils/5.4.5")
 
     def package_id(self):
         del self.info.options.env_vars
@@ -224,7 +224,7 @@ def _generate_autotools(self):
 
     def generate(self):
         VirtualRunEnv(self).generate(scope="build")
-        
+
         if is_msvc(self):
             # The msbuild generator only works with Visual Studio
             deps = MSBuildDeps(self)