ManageIQ / manageiq-appliance-build

Scripts to build ManageIQ appliances
Apache License 2.0

[OPARIN] Bump oauthlib to 3.2.1 for CVE-2022-36087 #531

Closed Fryguy closed 1 year ago

Fryguy commented 1 year ago

I'm not comfortable backporting https://github.com/ManageIQ/manageiq-appliance-build/pull/523 just yet, so this is a selective update of oauthlib to drop CVE-2022-36087.

Fryguy commented 1 year ago

Backported to najdorf in commit b880eb76b666dd4ca7920a625d80bda09988512a.

commit b880eb76b666dd4ca7920a625d80bda09988512a
Author: Adam Grare <adam@grare.com>
Date:   Fri Sep 30 15:43:46 2022 -0400

    Merge pull request #531 from Fryguy/bump_oauthlib

    [OPARIN] Bump oauthlib to 3.2.1 for CVE-2022-36087

    (cherry picked from commit 93159d7e4771745967664d6e658ec0d3926f71b9)

Fryguy commented 1 year ago

Backported to morphy in commit fc983b11b2abbc4ab9fe61ae77c19526fe89724c.

commit fc983b11b2abbc4ab9fe61ae77c19526fe89724c
Author: Adam Grare <adam@grare.com>
Date:   Fri Sep 30 15:43:46 2022 -0400

    Merge pull request #531 from Fryguy/bump_oauthlib

    [OPARIN] Bump oauthlib to 3.2.1 for CVE-2022-36087

    (cherry picked from commit 93159d7e4771745967664d6e658ec0d3926f71b9)