Build: #2 failed
Job: Check For Known Vulnerabilities ManyLinux228 Python 3.10 failed
Test results
- 73 tests in total
- 4 tests failed
- 4 failures are new
- < 1 second taken in total.
Build 2 has the following 4 errors: 4 new failure(s) occurred since the previous build.
Status | Test | Duration | |
---|---|---|---|
Collapse |
certifi
v_2023_5_7
|
< 1 sec | |
Certifi 2023.07.22 removes root certificates from e-Tugra from the root store. These are in the process of being removed from Mozillas trust store. e-Tugras root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from e-Tugra from the root store. These are in the process of being removed from Mozillas trust store. e-Tugras root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. |
|||
Collapse |
pillow
v_9_5_0
|
< 1 sec | |
Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2. Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2. |
|||
Collapse |
pip
v_22_3_1
|
< 1 sec | |
When installing a package from a Mercurial VCS URL (ie pip install hg+...) with pip prior to v23.3 the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call (ie --config). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who arent installing from Mercurial. When installing a package from a Mercurial VCS URL (ie pip install hg+...) with pip prior to v23.3 the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call (ie --config). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who arent installing from Mercurial. |
|||
Collapse |
urllib3
v_1_26_6
|
< 1 sec | |
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesnt treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP that is the responsibility of the user. However it is possible for a user to specify a Cookie header and unknowingly leak information via HTTP redirects to a different origin if that user doesnt disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. urllib3 is a user-friendly HTTP client library for Python. urllib3 doesnt treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP that is the responsibility of the user. However it is possible for a user to specify a Cookie header and unknowingly leak information via HTTP redirects to a different origin if that user doesnt disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. |