Branch: refs/heads/2.0.0 Home: https://github.com/tribe29/checkmk Commit: 0ca3199d8b90ace0c7f1fe375faf8bafc9adddc0 https://github.com/tribe29/checkmk/commit/0ca3199d8b90ace0c7f1fe375faf8bafc… Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com> Date: 2022-08-26 (Fri, 26 Aug 2022) Changed paths: A .werks/14483 M Pipfile M Pipfile.lock M omd/packages/python3-modules/python3-modules.make A omd/packages/python3-modules/src/Babel-2.10.3.tar.gz R omd/packages/python3-modules/src/Babel-2.8.0.tar.gz R omd/packages/python3-modules/src/PyJWT-1.7.1.tar.gz A omd/packages/python3-modules/src/PyJWT-2.4.0.tar.gz R omd/packages/python3-modules/src/PyPDF2-1.26.0.tar.gz A omd/packages/python3-modules/src/PyPDF2-2.10.2.tar.gz R omd/packages/python3-modules/src/reportlab-3.5.34.tar.gz A omd/packages/python3-modules/src/reportlab-3.6.11.tar.gz R omd/packages/python3-modules/src/rsa-4.6.tar.gz A omd/packages/python3-modules/src/rsa-4.9.tar.gz Log Message: ----------- 14483 SEC Update dependencies Update various dependencies LI: pyjwt 1.7.1 to 2.4.0: This fixes CVE-2022-29217. Since Checkmk does not validate JWT tokens the vulnerability does not affect Checkmk. LI: Babel 2.8.0 to 2.10.3: This fixes CVE-2021-42771. We could not exploit the vulnerability in our tests. So it is unlikely Checkmk was vulnerable to this vulnerability. LI: PyPDF2 1.26.0 to 2.10.2: This fixes CVE-2022-24859. Checkmk was not vulnerable to this vulnerability, since Checkmk does not parse untrusted PDFs. LI: reportlab 3.5.34 to 3.6.11: This fixes CVE-2020-28463. Checkmk does not use the vulnerable functions and is therefore not affected. LI: rsa 4.6 to 4.9: This fixes CVE-2020-25658. Checkmk does not use rsa directly (transitive dependency). We could not find a method to exploit this vulnerability in Checkmk. Checkmk was not vulnerable to any of those vulnerabilities. Change-Id: I372b66b1efd08d2a4082856c98f37876563e90fc