diff options
| author | Owen Jacobson <owen@grimoire.ca> | 2020-05-20 23:20:18 -0400 |
|---|---|---|
| committer | Owen Jacobson <owen@grimoire.ca> | 2020-05-20 23:20:18 -0400 |
| commit | 23687bea794a18ff594658e9006457bff7b4a752 (patch) | |
| tree | f276be7b7022102fd4dcd63e6af70d663c3bdcc5 /rust-toolchain | |
| parent | 92c5d132e7bb2f1a174d361168fdd037bbe0a4de (diff) | |
Upgrade vulnerable packages.
* Jinja2: CVE-2019-10906
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
* urllib3: CVE-2019-11324
The urllib3 library before 1.24.2 for Python mishandles certain cases where
the desired set of CA certificates is different from the OS store of CA
certificates, which results in SSL connections succeeding in situations where
a verification failure is the correct outcome. This is related to use of the
ssl_context, ca_certs, or ca_certs_dir argument.
* requests: upgraded as it depends on urllib and restricts versions.
* werkzeug: CVE-2019-14806
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient
debugger PIN randomness because Docker containers share the same machine id.
* gunicorn: No CVE, just good hygiene.
Diffstat (limited to 'rust-toolchain')
0 files changed, 0 insertions, 0 deletions