Backport #8540

pulpcore 3.7 branch needs PyYAML dep raised to include 5.4.x to fix CVE-2020-14343 (backport 205c903bb22)

Added by alikins 6 months ago. Updated 6 months ago.

Status: MODIFIED
Priority: Normal
Assignee:
Category: -
Sprint/Milestone:
Start date:
Due date:
% Done: 100%
Estimated time:
Triaged: No
Sprint Candidate: No
Tags:
Sprint: Sprint 94
Quarter: Q2-2021

Description

Backport request for 205c903bb2232d7f6fb8291c2f6ab0ba74442f9e into 3.7 branch, maybe others.

CVE-2020-14343 (Improper Input Validation in PyYAML)

pulpcore 3.7 branch (and latest release 3.7.4) has this PyYAML dep:

PyYAML>=5.1.1,<5.4.0

which prevents updating to PyYAML 5.4.1.


Related issues

Related to Pulp - Issue #8539: pulpcore 3.7 branch needs PyYAML dep raised to include 5.4.x to fix CVE-2020-14343 (CLOSED - DUPLICATE)

History

#1 Updated by ggainey 6 months ago

  • Related to Issue #8539: pulpcore 3.7 branch needs PyYAML dep raised to include 5.4.x to fix CVE-2020-14343 added

#2 Updated by ttereshc 6 months ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ttereshc
  • Sprint set to Sprint 94
  • Quarter set to Q2-2021

#3 Updated by pulpbot 6 months ago

  • Status changed from ASSIGNED to POST

#4 Updated by ttereshc 6 months ago

  • Sprint/Milestone set to 3.7.5

#5 Updated by ttereshc 6 months ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100
