Test ID: 1.3.6.1.4.1.25623.1.0.856161
Category: openSUSE Local Security Checks
Title: openSUSE Security Advisory (SUSE-SU-2024:1639-1)
Summary: The remote host is missing an update for the 'python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-arcomplete, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack, python-marshmallow, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-opentelemetry-sdk, python-opentelemetry-semantic-conventions, python-opentelemetry-test-utils, python-pycomposefile, python-pydash, python-redis, python-retrying, python-semver, python-sshtunnel, python-strictyaml, python-sure, python-vcrpy, python-xmltodict' package(s) announced via the SUSE-SU-2024:1639-1 advisory.
Description:

Vulnerability Insight:
- :gh:`374`: Correct Towncrier's config entries in the :file:`pyproject.toml` file.
The old entries ``[[tool.towncrier.type]]`` are deprecated and need
to be replaced by ``[tool.towncrier.fragment.]``.
- Deprecations:
- :gh:`372`: Deprecate support for Python 3.6.
Python 3.6 reached its end of life and isn't supported anymore.
At the time of writing (Dec 2022), the lowest version is 3.7.
Although the `poll <[link moved to references]
didn't cast many votes, the majority agree to remove support for
Python 3.6.
- Improved Documentation:
- :gh:`335`: Add new section 'Converting versions between PyPI and semver' the limitations
and possible use cases to convert from one into the other versioning scheme.
- :gh:`340`: Describe how to get version from a file
- :gh:`343`: Describe combining Pydantic with semver in the 'Advanced topic'
section.
- :gh:`350`: Restructure usage section. Create subdirectory 'usage/' and split
all sections into different files.
- :gh:`351`: Introduce new topics for:
* 'Migration to semver3'
* 'Advanced topics'
- Features:
- :pr:`359`: Add optional parameter ``optional_minor_and_patch`` in :meth:`.Version.parse` to allow optional
minor and patch parts.
- :pr:`362`: Make :meth:`.Version.match` accept a bare version string as match expression, defaulting to
equality testing.
- :gh:`364`: Enhance :file:`pyproject.toml` to make it possible to use the
:command:`pyproject-build` command from the build module.
For more information, see :ref:`build-semver`.
- :gh:`365`: Improve :file:`pyproject.toml`.
* Use setuptools, add metadata. Taken approach from
`A Practical Guide to Setuptools and Pyproject.toml
<[link moved to references].
* Doc: Describe building of semver
* Remove :file:`.travis.yml` in :file:`MANIFEST.in`
(not needed anymore)
* Distinguish between Python 3.6 and others in :file:`tox.ini`
* Add skip_missing_interpreters option for :file:`tox.ini`
* GH Action: Upgrade setuptools and setuptools-scm and test
against 3.11.0-rc.2
- Trivial/Internal Changes:
- :gh:`378`: Fix some typos in Towncrier configuration

- switch to the tagged version rather than a gh branch tarball

- fix support for Python 3.10 with update to development version:
- update to revision g4d2df08:
- Changes for the upcoming release can be found in:
- the `'changelog.d' directory <[link moved to references]:
- in our repository.:
- update to version 3.0.0-dev.2:
- Deprecations:
- :gh:`169`: Deprecate CLI functions not imported from ``semver.cli``.
- Features:
- :gh:`169`: Create semver package and split code among different modules in the packages.
* Remove :file:`semver.py`
* Create :file:`src/semver/__init__.py`
* Create :file:`src/semver/cli.py` for all CLI methods
* Create :file:`src/semver/_deprecated.py` for the ``deprecated`` decorator and other deprecated functions
* Create :file:`src/semver/__main__.py` to allow ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-arcomplete, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack, python-marshmallow, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-opentelemetry-sdk, python-opentelemetry-semantic-conventions, python-opentelemetry-test-utils, python-pycomposefile, python-pydash, python-redis, python-retrying, python-semver, python-sshtunnel, python-strictyaml, python-sure, python-vcrpy, python-xmltodict' package(s) on openSUSE Leap 15.5, openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:N/A:N

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2023-28858
https://github.com/redis/redis-py/compare/v4.3.5...v4.3.6
https://github.com/redis/redis-py/compare/v4.4.2...v4.4.3
https://github.com/redis/redis-py/compare/v4.5.2...v4.5.3
https://github.com/redis/redis-py/issues/2624
https://github.com/redis/redis-py/pull/2641
https://openai.com/blog/march-20-chatgpt-outage
Common Vulnerability Exposure (CVE) ID: CVE-2023-28859
https://github.com/redis/redis-py/issues/2665
https://github.com/redis/redis-py/pull/2666
https://github.com/redis/redis-py/releases/tag/v4.4.4
https://github.com/redis/redis-py/releases/tag/v4.5.4
Copyright (C) 2024 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.