[PATCH 3/4] drm/ci: Upgrade idna requirement to 3.7
WangYuli
wangyuli at uniontech.com
Wed Sep 18 13:06:42 UTC 2024
GitHub Dependabot has issued the following alert:
"build(deps): bump idna from 3.4 to 3.7 in /drivers/gpu/drm/ci/xfails.
A specially crafted argument to the function could consume
significant resources. This may lead to a denial-of-service.
The function has been refined to reject such strings without the
associated resource consumption in version 3.7.
Severity: 6.9 / 10 (Moderate)
Attack vector: Local
Attack complexity: Low
Attack Requirements: None
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: None
Availability: High
CVE ID: CVE-2024-3651"
To avoid disturbing everyone with the kernel repo hosted on GitHub,
I suggest we upgrade our python dependencies once again to appease
GitHub Dependabot.
Link: https://github.com/dependabot
Link: https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb
Signed-off-by: WangYuli <wangyuli at uniontech.com>
---
drivers/gpu/drm/ci/xfails/requirements.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/ci/xfails/requirements.txt b/drivers/gpu/drm/ci/xfails/requirements.txt
index f69b58356a37..8b2b1fa16614 100644
--- a/drivers/gpu/drm/ci/xfails/requirements.txt
+++ b/drivers/gpu/drm/ci/xfails/requirements.txt
@@ -4,7 +4,7 @@ termcolor==2.3.0
# ci-collate dependencies
certifi==2023.7.22
charset-normalizer==3.2.0
-idna==3.4
+idna==3.7
pip==23.3
python-gitlab==3.15.0
requests==2.32.0
--
2.45.2
More information about the dri-devel
mailing list