Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

lava-docker: CVE in python requests package

Description

We should upgrade to the latest python requests package (pip install --upgrade) in our lava-docker images to be sure to have the fix for this CVE.

 

CVE details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18074

Environment

None

is blocked by

Activity

Show:

Corentin Labbe 
December 17, 2018 at 3:48 PM

Fixed with 2018.11 images

Corentin Labbe 
December 3, 2018 at 2:36 PM
(edited)

2018.11 is out. I have tagged and pushed baylibre/lava-slave-base:2018.11-1_bpo9_1 and baylibre/lava-slave-base:2018.11-1_bpo9_1

I wait a bit more before tagging them as latest

Corentin Labbe 
November 9, 2018 at 8:21 AM

Upstream LAVA will release 2018.11 next week. i will generate docker base images with fix in the same time.

Fixed

Details

Assignee

Reporter

Labels

Contract ID

Components

Priority

Parent

Created November 8, 2018 at 3:25 PM
Updated January 23, 2019 at 3:31 AM
Resolved December 17, 2018 at 3:48 PM

Flag notifications