Branch: refs/heads/2.0.0
Home: https://github.com/tribe29/checkmk
Commit: 0ca3199d8b90ace0c7f1fe375faf8bafc9adddc0
https://github.com/tribe29/checkmk/commit/0ca3199d8b90ace0c7f1fe375faf8bafc…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-08-26 (Fri, 26 Aug 2022)
Changed paths:
A .werks/14483
M Pipfile
M Pipfile.lock
M omd/packages/python3-modules/python3-modules.make
A omd/packages/python3-modules/src/Babel-2.10.3.tar.gz
R omd/packages/python3-modules/src/Babel-2.8.0.tar.gz
R omd/packages/python3-modules/src/PyJWT-1.7.1.tar.gz
A omd/packages/python3-modules/src/PyJWT-2.4.0.tar.gz
R omd/packages/python3-modules/src/PyPDF2-1.26.0.tar.gz
A omd/packages/python3-modules/src/PyPDF2-2.10.2.tar.gz
R omd/packages/python3-modules/src/reportlab-3.5.34.tar.gz
A omd/packages/python3-modules/src/reportlab-3.6.11.tar.gz
R omd/packages/python3-modules/src/rsa-4.6.tar.gz
A omd/packages/python3-modules/src/rsa-4.9.tar.gz
Log Message:
-----------
14483 SEC Update dependencies
Update various dependencies
LI: pyjwt 1.7.1 to 2.4.0: This fixes CVE-2022-29217. Since Checkmk does not
validate JWT tokens, the vulnerability does not affect Checkmk.
LI: Babel 2.8.0 to 2.10.3: This fixes CVE-2021-42771. We could not exploit the
vulnerability in our tests. So it is unlikely Checkmk was vulnerable to this
vulnerability.
LI: PyPDF2 1.26.0 to 2.10.2: This fixes CVE-2022-24859. Checkmk was not
vulnerable to this vulnerability, since Checkmk does not parse untrusted PDFs.
LI: reportlab 3.5.34 to 3.6.11: This fixes CVE-2020-28463. Checkmk does not use
the vulnerable functions and is therefore not affected.
LI: rsa 4.6 to 4.9: This fixes CVE-2020-25658. Checkmk does not use rsa
directly (transitive dependency). We could not find a method to exploit this
vulnerability in Checkmk.
Checkmk was not vulnerable to any of those vulnerabilities.
Change-Id: I372b66b1efd08d2a4082856c98f37876563e90fc