Build: #2 failed
Job: Check For Known Vulnerabilities ManyLinux228 Python 3.10 failed
Job result summary
- Completed
- Duration
- 6 minutes
- Agent
- cbt-el7-11.cv.nrao.edu
- Total tests
- 73
Tests
- 73 tests in total
- 4 tests failed
- 4 failures are new
- < 1 second taken in total.
Status | Test | Duration | |
---|---|---|---|
Collapse |
certifi
v_2023_5_7
|
< 1 sec | |
Certifi 2023.07.22 removes root certificates from e-Tugra from the root store. These are in the process of being removed from Mozillas trust store. e-Tugras root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from e-Tugra from the root store. These are in the process of being removed from Mozillas trust store. e-Tugras root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. |
|||
Collapse |
pillow
v_9_5_0
|
< 1 sec | |
Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2. Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2. |
|||
Collapse |
pip
v_22_3_1
|
< 1 sec | |
When installing a package from a Mercurial VCS URL (ie pip install hg+...) with pip prior to v23.3 the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call (ie --config). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who arent installing from Mercurial. When installing a package from a Mercurial VCS URL (ie pip install hg+...) with pip prior to v23.3 the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call (ie --config). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who arent installing from Mercurial. |
|||
Collapse |
urllib3
v_1_26_6
|
< 1 sec | |
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesnt treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP that is the responsibility of the user. However it is possible for a user to specify a Cookie header and unknowingly leak information via HTTP redirects to a different origin if that user doesnt disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. urllib3 is a user-friendly HTTP client library for Python. urllib3 doesnt treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP that is the responsibility of the user. However it is possible for a user to specify a Cookie header and unknowingly leak information via HTTP redirects to a different origin if that user doesnt disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. |
Error summary
The build generated some errors. See the full build log for more details.
Error response from daemon: No such container: wheel-container-test
Error response from daemon: No such container: wheel-container-test
fatal: Not a git repository (or any parent up to mount point /export/home/cbt-el7-11)
Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).
cat: /home/casatest/.casa/toolrc.py: No such file or directory
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
[notice] A new release of pip available: 22.3.1 -> 24.0
[notice] To update, run: pip install --upgrade pip
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
[notice] A new release of pip available: 22.3.1 -> 24.0
[notice] To update, run: pip install --upgrade pip
Found 9 known vulnerabilities in 4 packages
Cloning into 'casa-build-utils'...
Switched to a new branch 'CAS-14256'
Error response from daemon: No such container: wheel-container-test
fatal: Not a git repository (or any parent up to mount point /export/home/cbt-el7-11)
Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).
cat: /home/casatest/.casa/toolrc.py: No such file or directory
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
[notice] A new release of pip available: 22.3.1 -> 24.0
[notice] To update, run: pip install --upgrade pip
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
[notice] A new release of pip available: 22.3.1 -> 24.0
[notice] To update, run: pip install --upgrade pip
Found 9 known vulnerabilities in 4 packages
Cloning into 'casa-build-utils'...
Switched to a new branch 'CAS-14256'