Safety CI > happykhan/listentoeverything

dependabot/pip/pyyaml-5.4

3 years, 1 month ago

Bump pyyaml from 5.1 to 5.4 Bumps [pyyaml](https://github.com/yaml/pyyaml) from 5.1 to 5.4. - [Rele

Sphinx 1.8.1 and twine 1.12.1 have known security vulnerabilities.

Package	Installed	Affected	Info
Sphinx	1.8.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	1.8.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	1.8.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	1.8.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
twine	1.12.1	<2.0.0	show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix.

master

3 years, 7 months ago

b7e55cca

festival scripts

PyYAML 5.1, Sphinx 1.8.1 and 2 other dependencies have known security vulnerabilities.

Package	Installed	Affected	Info
PyYAML	5.1	<5.4	show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466
PyYAML	5.1	<5.3.1	show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.
PyYAML	5.1	>=5.1,<=5.1.2	show PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. See CVE-2019-20477. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
Sphinx	1.8.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	1.8.1	<3.0.4	show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.
Sphinx	1.8.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2
Sphinx	1.8.1	<3.3.0	show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417
twine	1.12.1	<2.0.0	show Twine 2.0.0 updates requests to 2.20 (or later) to include a security fix.
PyYAML	5.1	<5.4	show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466
PyYAML	5.1	<5.3.1	show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.
PyYAML	5.1	>=5.1,<=5.1.2	show PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. See CVE-2019-20477. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.

master

5 years, 1 month ago

6bacba23

Update README.rst