Issue #8539

closed

pulpcore 3.7 branch needs PyYAML dep raised to include 5.4.x to fix CVE-2020-14343

Added by alikins over 3 years ago. Updated over 3 years ago.

Status: CLOSED - DUPLICATE
Priority: Normal
Assignee: -
Category: -
Sprint/Milestone: -
Start date:
Due date:
Estimated time:
Severity: 2. Medium
Version:
Platform Release:
OS:
Triaged: No
Groomed: No
Sprint Candidate: No
Tags:
Sprint:
Quarter:

Description

CVE-2020-14343 (Improper Input Validation in PyYAML)

pulpcore 3.7 branch (and latest release 3.7.4) have PyYAML dep:

PyYAML>=5.1.1,<5.4.0

which prevents updating to PyYAML 5.4.1
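
The constraint quoted above can be checked mechanically. The following is an added example, not part of the original issue or of pulpcore's code: it scans requirement lines and reports those whose version range excludes a fixed release. The helper names and the sample text are assumptions; it handles only plain `name op version` lines with dotted numeric versions (no extras, markers, `~=` or pre-releases).

```python
import re

# One clause of a specifier: operator, then a dotted numeric version.
_CLAUSE = re.compile(r"^\s*(>=|<=|==|!=|>|<)\s*([0-9]+(?:\.[0-9]+)*)\s*$")
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$")

def _key(version, width=4):
    """Dotted numeric version -> zero-padded tuple, so 5.4 compares equal to 5.4.0."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def _norm(name):
    """PEP 503 name normalisation: PyYAML, PyYaml and pyyaml are one project."""
    return re.sub(r"[-_.]+", "-", name).lower()

def admits(spec, version):
    """True if every comma-separated clause of spec accepts version."""
    v = _key(version)
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        m = _CLAUSE.match(clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        op, bound = m.group(1), _key(m.group(2))
        ok = {">=": v >= bound, "<=": v <= bound, "==": v == bound,
              "!=": v != bound, ">": v > bound, "<": v < bound}[op]
        if not ok:
            return False
    return True

def blocking_pins(requirements, package, fixed_version):
    """Return requirement lines for package whose range excludes fixed_version."""
    hits = []
    for line in requirements.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        m = _REQ.match(line) if line else None
        if m and _norm(m.group(1)) == _norm(package):
            if not admits(m.group(2), fixed_version):
                hits.append(line)
    return hits

# Constructed sample: the first PyYAML line is the constraint quoted in this issue;
# the last line is a hypothetical raised bound, not the project's actual fix.
SAMPLE = """\
somepkg~=2.2   # constructed unrelated line, skipped by name
PyYAML>=5.1.1,<5.4.0
pyyaml>=5.1.1,<5.5.0
"""
```

Calling `blocking_pins(SAMPLE, "PyYAML", "5.4.1")` returns only the line with the `<5.4.0` upper bound.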


Related issues

Related to Pulp - Backport #8540: pulpcore 3.7 branch needs PyYAML dep raised to include 5.4.x to fix CVE-2020-14343 (backport 205c903bb22) MODIFIED ttereshc

#1

Updated by ggainey over 3 years ago

  • Related to Backport #8540: pulpcore 3.7 branch needs PyYAML dep raised to include 5.4.x to fix CVE-2020-14343 (backport 205c903bb22) added
#2

Updated by ggainey over 3 years ago

  • Status changed from NEW to CLOSED - DUPLICATE

Closed as dup 8540
