From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] supervisor: security bump to version 3.1.4
Date: Thu, 7 Sep 2017 11:44:59 +0200 [thread overview]
Message-ID: <20170907094459.10277-1-peter@korsgaard.com> (raw)
Fixes CVE-2017-11610 - The XML-RPC server in supervisor before 3.0.1, 3.1.x
before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote
authenticated users to execute arbitrary commands via a crafted XML-RPC
request, related to nested supervisord namespace lookups.
For more details, see
https://github.com/Supervisor/supervisor/issues/964
While we're at it, add hashes for the license files.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/supervisor/supervisor.hash | 4 +++-
package/supervisor/supervisor.mk | 4 ++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/package/supervisor/supervisor.hash b/package/supervisor/supervisor.hash
index 03f337e7d0..0ebc663be9 100644
--- a/package/supervisor/supervisor.hash
+++ b/package/supervisor/supervisor.hash
@@ -1,2 +1,4 @@
# Locally calculated
-sha256 e32c546fe8d2a6e079ec4819c49fd24534d4075a58af39118d04367918b3c282 supervisor-3.1.3.tar.gz
+sha256 82f75089f719a7a3ca87f35c89a03c20fd3c0912552c96eb6fa40274ced6604e supervisor-3.1.4.tar.gz
+sha256 a85a622378c6a892ead1ce5d0488e446e106bf014d3b763fdbc1ad1ae38ee491 COPYRIGHT.txt
+sha256 27ba0b2357ed6974d755ed53232c5ab8595622b3111bb91682708ea188cc3696 LICENSES.txt
diff --git a/package/supervisor/supervisor.mk b/package/supervisor/supervisor.mk
index 4c62b66feb..9b93b449a7 100644
--- a/package/supervisor/supervisor.mk
+++ b/package/supervisor/supervisor.mk
@@ -4,8 +4,8 @@
#
################################################################################
-SUPERVISOR_VERSION = 3.1.3
-SUPERVISOR_SITE = http://pypi.python.org/packages/source/s/supervisor
+SUPERVISOR_VERSION = 3.1.4
+SUPERVISOR_SITE = https://pypi.python.org/packages/12/50/cd330d1a0daffbbe54803cb0c4c1ada892b5d66db08befac385122858eee
SUPERVISOR_LICENSE = BSD-like, rdflib (http_client.py), PSF (medusa), ZPL-2.1
SUPERVISOR_LICENSE_FILES = COPYRIGHT.txt LICENSES.txt
SUPERVISOR_SETUP_TYPE = setuptools
--
2.11.0
next reply other threads:[~2017-09-07 9:44 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-07 9:44 Peter Korsgaard [this message]
2017-09-09 20:49 ` [Buildroot] [PATCH] supervisor: security bump to version 3.1.4 Thomas Petazzoni
2017-09-21 11:18 ` Peter Korsgaard
2017-10-16 21:53 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170907094459.10277-1-peter@korsgaard.com \
--to=peter@korsgaard.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox