lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <B855B90C2EECA04E+20241017034004.113456-4-wangyuli@uniontech.com>
Date: Thu, 17 Oct 2024 11:39:51 +0800
From: WangYuli <wangyuli@...ontech.com>
To: helen.koike@...labora.com,
	maarten.lankhorst@...ux.intel.com,
	mripard@...nel.org,
	tzimmermann@...e.de,
	airlied@...il.com,
	simona@...ll.ch,
	wangyuli@...ontech.com,
	david.heidelberg@...labora.com
Cc: dri-devel@...ts.freedesktop.org,
	linux-kernel@...r.kernel.org,
	guanwentao@...ontech.com,
	zhanjun@...ontech.com
Subject: [RESEND. PATCH 4/5] drm/ci: Upgrade idna requirement to 3.7

GitHub Dependabot has issued the following alert:

"build(deps): bump idna from 3.4 to 3.7 in /drivers/gpu/drm/ci/xfails.

 A specially crafted argument to the function could consume
 significant resources. This may lead to a denial-of-service.

 The function has been refined to reject such strings without the
 associated resource consumption in version 3.7.

 Severity: 6.9 / 10 (Moderate)
 Attack vector:          Local
 Attack complexity:        Low
 Attack Requirements:     None
 Privileges required:     None
 User interaction:        None
 Confidentiality:         None
 Integrity:               None
 Availability:            High
 CVE ID:         CVE-2024-3651"

To avoid disturbing everyone with the kernel repo hosted on GitHub,
I suggest we upgrade our python dependencies once again to appease
GitHub Dependabot.

Link: https://github.com/dependabot
Link: https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb
Signed-off-by: WangYuli <wangyuli@...ontech.com>
---
 drivers/gpu/drm/ci/xfails/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/ci/xfails/requirements.txt b/drivers/gpu/drm/ci/xfails/requirements.txt
index f69b58356a37..8b2b1fa16614 100644
--- a/drivers/gpu/drm/ci/xfails/requirements.txt
+++ b/drivers/gpu/drm/ci/xfails/requirements.txt
@@ -4,7 +4,7 @@ termcolor==2.3.0
 # ci-collate dependencies
 certifi==2023.7.22
 charset-normalizer==3.2.0
-idna==3.4
+idna==3.7
 pip==23.3
 python-gitlab==3.15.0
 requests==2.32.0
-- 
2.45.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ