[Bug 1177083] New: python-aliyun-python-sdk-core package ships a vendored python-requests package - openSUSE Bugs - openSUSE Mailing Lists

newer
[Bug 1198731] libmount: when...

[Bug 1177083] New: python-aliyun-python-sdk-core package ships a vendored python-requests package

older
[Bug 1206497] Installation with...

bugzilla_noreply＠suse.com

29 Sep 2020 29 Sep '20

10:48

https://bugzilla.suse.com/show_bug.cgi?id=1177083 Bug ID: 1177083 Summary: python-aliyun-python-sdk-core package ships a vendored python-requests package Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Cloud:Tools Assignee: public-cloud-maintainers@suse.de Reporter: adrian.glaubitz@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- The python-aliyun-python-sdk-core ships a vendored version of the python-requests package which should be removed in the next version update to avoid hidden vulnerabilities in the embedded version of python-requests as well as avoid code duplicity. -- You are receiving this mail because: You are on the CC list for the bug.

Attachments:

attachment.htm (text/html — 2.4 KB)

Reply

Sign in to reply online Use email software

Show replies by date

bugzilla_noreply＠suse.com

29 Sep 29 Sep

10:48

New subject: [Bug 1177083] python-aliyun-python-sdk-core package ships a vendored python-requests package

https://bugzilla.suse.com/show_bug.cgi?id=1177083 John Paul Adrian Glaubitz changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|public-cloud-maintainers@su |adrian.glaubitz@suse.com |se.de | -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

10 Feb 10 Feb

12:39

New subject: [Bug 1177083] python-aliyun-python-sdk-core package ships a vendored python-requests package

https://bugzilla.suse.com/show_bug.cgi?id=1177083 John Paul Adrian Glaubitz changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

15 Feb 15 Feb

09:51

New subject: [Bug 1177083] python-aliyun-python-sdk-core package ships a vendored python-requests package

https://bugzilla.suse.com/show_bug.cgi?id=1177083 https://bugzilla.suse.com/show_bug.cgi?id=1177083#c1 --- Comment #1 from John Paul Adrian Glaubitz --- Package update fixing this bug has been submitted to d:l:p:aliyun now: https://build.opensuse.org/request/show/871805 (along with 220 additional updates). -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

29 Mar 29 Mar

14:28

New subject: [Bug 1177083] python-aliyun-python-sdk-core package ships a vendored python-requests package

https://bugzilla.suse.com/show_bug.cgi?id=1177083 https://bugzilla.suse.com/show_bug.cgi?id=1177083#c2 --- Comment #2 from John Paul Adrian Glaubitz --- This has been fixed in Cloud:Tools but not yet in SLE-15. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

15 Jun 15 Jun

14:35

New subject: [Bug 1177083] python-aliyun-python-sdk-core package ships a vendored python-requests package

https://bugzilla.suse.com/show_bug.cgi?id=1177083 https://bugzilla.suse.com/show_bug.cgi?id=1177083#c3 --- Comment #3 from John Paul Adrian Glaubitz --- I have prepared an update to the Alibaba SDK for Python in SLE-15-SP1:

https://build.suse.de/project/show/home:glaubitz:staging20:SUSE-SLE-15-SP1:U...

It involves updating python-cryptography and python-cryptography-vectors to version 2.9.2:

https://build.suse.de/project/show/home:glaubitz:staging21:SUSE-SLE-15-SP1:U...

I have verified (with basic tests) that the updated SDK works properly on SLE-15. I just need to adjust the changelogs. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

18 Jun 18 Jun

12:48

New subject: [Bug 1177083] python-aliyun-python-sdk-core package ships a vendored python-requests package

https://bugzilla.suse.com/show_bug.cgi?id=1177083 https://bugzilla.suse.com/show_bug.cgi?id=1177083#c4 --- Comment #4 from John Paul Adrian Glaubitz --- Packages are ready now. Just waiting for the ECO to be accepted. Then submission changelog entries will be added in an automated fashion and packages will be submitted. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

18 Aug 18 Aug

05:49

New subject: [Bug 1177083] python-aliyun-python-sdk-core package ships a vendored python-requests package

https://bugzilla.suse.com/show_bug.cgi?id=1177083 Jeffrey Cheung changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jcheung@suse.com -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

17 Nov 17 Nov

11:24

New subject: [Bug 1177083] python-aliyun-python-sdk-core package ships a vendored python-requests package

https://bugzilla.suse.com/show_bug.cgi?id=1177083 https://bugzilla.suse.com/show_bug.cgi?id=1177083#c7 --- Comment #7 from Swamp Workflow Management --- SUSE-SU-2022:4044-1: An update that solves one vulnerability, contains four features and has three fixes is now available. Category: security (important) Bug References: 1101820,1149792,1176785,1177083 CVE References: CVE-2018-10903 JIRA References: ECO-3105,PM-2352,PM-2730,SLE-18312 Sources used: openSUSE Leap Micro 5.2 (src): python-cryptography-2.9.2-150200.13.1 openSUSE Leap 15.3 (src): python-cryptography-2.9.2-150200.13.1, python-cryptography-vectors-2.9.2-150200.3.3.1 SUSE Manager Server 4.1 (src): python-cryptography-2.9.2-150200.13.1 SUSE Manager Retail Branch Server 4.1 (src): python-cryptography-2.9.2-150200.13.1 SUSE Manager Proxy 4.1 (src): python-cryptography-2.9.2-150200.13.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): python-cryptography-2.9.2-150200.13.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): python-cryptography-2.9.2-150200.13.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): python-cryptography-2.9.2-150200.13.1 SUSE Linux Enterprise Module for Python2 15-SP3 (src): python-cryptography-2.9.2-150200.13.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): python-cryptography-2.9.2-150200.13.1 SUSE Linux Enterprise Micro 5.2 (src): python-cryptography-2.9.2-150200.13.1 SUSE Linux Enterprise Micro 5.1 (src): python-cryptography-2.9.2-150200.13.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): python-cryptography-2.9.2-150200.13.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): python-cryptography-2.9.2-150200.13.1 SUSE Enterprise Storage 7 (src): python-cryptography-2.9.2-150200.13.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

19 Dec 19 Dec

17:35

New subject: [Bug 1177083] python-aliyun-python-sdk-core package ships a vendored python-requests package

https://bugzilla.suse.com/show_bug.cgi?id=1177083 https://bugzilla.suse.com/show_bug.cgi?id=1177083#c8 --- Comment #8 from Swamp Workflow Management --- SUSE-RU-2022:4567-1: An update that has one recommended fix and contains four features can now be installed. Category: recommended (critical) Bug References: 1177083 CVE References: JIRA References: ECO-3329,PM-2475,PM-2730,SLE-18312 Sources used: SUSE Linux Enterprise Server for SAP 15-SP1 (src): python-bcrypt-3.1.4-150100.6.2.1, python-cffi-1.15.0-150000.4.11.2, python-cryptography-2.9.2-150100.7.8.2 SUSE Linux Enterprise Server 15-SP1-LTSS (src): python-bcrypt-3.1.4-150100.6.2.1, python-cffi-1.15.0-150000.4.11.2, python-cryptography-2.9.2-150100.7.8.2 SUSE Linux Enterprise Server 15-SP1-BCL (src): python-bcrypt-3.1.4-150100.6.2.1, python-cffi-1.15.0-150000.4.11.2, python-cryptography-2.9.2-150100.7.8.2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src): python-cryptography-vectors-2.9.2-150000.3.7.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): python-bcrypt-3.1.4-150100.6.2.1, python-cffi-1.15.0-150000.4.11.2, python-cryptography-2.9.2-150100.7.8.2 SUSE Enterprise Storage 6 (src): python-bcrypt-3.1.4-150100.6.2.1, python-cffi-1.15.0-150000.4.11.2, python-cryptography-2.9.2-150100.7.8.2 SUSE CaaS Platform 4.0 (src): python-bcrypt-3.1.4-150100.6.2.1, python-cffi-1.15.0-150000.4.11.2, python-cryptography-2.9.2-150100.7.8.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

503

Age (days ago)

1314

Last active (days ago)

Download

9 comments

1 participants

tags

participants (1)

bugzilla_noreply＠suse.com