From noreply@github.com Wed Jan 15 14:11:55 2020 From: Lars To: checkmk-commits@lists.checkmk.com Subject: [checkmk-commits] [tribe29/checkmk] 70f9f7: CMK-3565: cmk-update-agent.exe: Update to PyInstal... Date: Wed, 15 Jan 2020 05:11:53 -0800 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2099877104866652503==" --===============2099877104866652503== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Branch: refs/heads/1.5.0 Home: https://github.com/tribe29/checkmk Commit: 70f9f733f3f4ff2181f30e95e63a38a248c1a0a7 https://github.com/tribe29/checkmk/commit/70f9f733f3f4ff2181f30e95e63a3= 8a248c1a0a7 Author: Andreas Umbreit Date: 2020-01-15 (Wed, 15 Jan 2020) Changed paths: M agents/windows/frozen_binaries/pyinstaller-deps.make R agents/windows/frozen_binaries/src/pip/PyInstaller-3.3.1.tar.gz A agents/windows/frozen_binaries/src/pip/PyInstaller-3.6.tar.gz A agents/windows/frozen_binaries/src/pip/pywin32_ctypes-0.2.0-py2.py3-non= e-any.whl Log Message: ----------- CMK-3565: cmk-update-agent.exe: Update to PyInstaller 3.6 to fix vulnerabil= ity Change-Id: Ic546c7b85d85d3a401d6aabdadd7fe4f5819bf5c Commit: 1a1fbfdb124841e88b84c4f45e937460a303e9d9 https://github.com/tribe29/checkmk/commit/1a1fbfdb124841e88b84c4f45e937= 460a303e9d9 Author: Andreas Umbreit Date: 2020-01-15 (Wed, 15 Jan 2020) Changed paths: A .werks/10432 Log Message: ----------- 10432 SEC cmk-update-agent.exe: Fix security issue on Windows Recently, a vulnerability of PyInstaller, that we use to compile the cmk-update-agent.exe executable on windows to one file, has been discovered, see here Only the windows version of the cmk-update-agent binary is affected. Unix ver= sions and the python script are not affected. We fix this issue by updating to PyIntaller 3.6. Jira: CMK-3565 Change-Id: Ia3774a8b29057e8d56df7678c3f9afeb39a751f4 Compare: https://github.com/tribe29/checkmk/compare/7509d1fbdf82...1a1fbfdb12= 48 --===============2099877104866652503==--