Issue #8539

pulpcore 3.7 branch needs PyYAML dep raised to include 5.4.x to fix CVE-2020-14343

Added by alikins about 1 month ago. Updated about 1 month ago.

Status: CLOSED - DUPLICATE
Priority: Normal
Assignee: -
Category: -
Sprint/Milestone: -
Start date:
Due date:
Estimated time:
Severity: 2. Medium
Version:
Platform Release:
OS:
Triaged: No
Groomed: No
Sprint Candidate: No
Tags:
Sprint:
Quarter:

Description

CVE-2020-14343 (Improper Input Validation in PyYAML)

The pulpcore 3.7 branch (and latest release 3.7.4) has the PyYAML dep:

PyYAML>=5.1.1,<5.4.0

which prevents updating to PyYAML 5.4.1.
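
Added example, not part of the original issue or the pulpcore code base: a small dependency-audit check that flags requirement pins whose bounds exclude a fixed release, run here against the pin quoted above and the 5.4.1 version named in the issue. The function names are hypothetical, the second sample line is constructed, and the parser is a simplification that handles only plain numeric versions and the basic comparison operators.

```python
import re

# Comparison operators supported by this simplified checker.
OPS = {
    ">=": lambda v, b: v >= b, ">": lambda v, b: v > b,
    "<=": lambda v, b: v <= b, "<": lambda v, b: v < b,
    "==": lambda v, b: v == b, "!=": lambda v, b: v != b,
}

def parse_version(text):
    """'5.4.0' -> (5, 4); trailing zeros are dropped so 5.4 equals 5.4.0."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_requirement(line):
    """Split 'Name>=a,<b' into (lowercased name, [(op, version), ...])."""
    m = re.match(r"\s*([A-Za-z0-9._-]+)\s*(.*)$", line)
    if not m:
        raise ValueError(f"not a requirement line: {line!r}")
    clauses = []
    for clause in filter(None, (c.strip() for c in m.group(2).split(","))):
        c = re.fullmatch(r"(>=|<=|==|!=|>|<)\s*(\d+(?:\.\d+)*)", clause)
        if not c:  # wildcards, pre-releases, markers: out of scope here
            raise ValueError(f"unsupported clause: {clause!r}")
        clauses.append((c.group(1), parse_version(c.group(2))))
    return m.group(1).lower(), clauses

def allows(clauses, version):
    """True if every clause of the specifier accepts the given version."""
    v = parse_version(version)
    return all(OPS[op](v, bound) for op, bound in clauses)

def blocked_pins(requirement_lines, package, fixed_version):
    """Return the lines for `package` whose bounds exclude fixed_version."""
    blocked = []
    for line in requirement_lines:
        name, clauses = parse_requirement(line)
        if name == package.lower() and not allows(clauses, fixed_version):
            blocked.append(line)
    return blocked

SAMPLE = [
    "PyYAML>=5.1.1,<5.4.0",  # the pin quoted in the issue
    "PyYAML>=5.1.1,<5.5.0",  # constructed: an upper bound that admits 5.4.x
]

if __name__ == "__main__":
    for line in blocked_pins(SAMPLE, "PyYAML", "5.4.1"):
        print(f"{line}: excludes 5.4.1")
```
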


Related issues

Related to Pulp - Backport #8540: pulpcore 3.7 branch needs PyYAML dep raised to include 5.4.x to fix CVE-2020-14343 (backport 205c903bb22) MODIFIED

History

#1 Updated by ggainey about 1 month ago

  • Related to Backport #8540: pulpcore 3.7 branch needs PyYAML dep raised to include 5.4.x to fix CVE-2020-14343 (backport 205c903bb22) added

#2 Updated by ggainey about 1 month ago

  • Status changed from NEW to CLOSED - DUPLICATE

Closed as dup 8540
