rune/sgx-tools: fix CVE-2019-11254 #1308

Open
haosanzi opened this issue Aug 25, 2021 · 0 comments
Labels
epic New feature to develop gating medium The additional priority medium for the specified entity

@haosanzi
Collaborator

Need to update gopkg.in/yaml.v2 up to 2.2.8 to fix CVE-2019-11254.
rune/sgx-tools depends on github.com/urfave/cli v1.22.1, and github.com/urfave/cli v1.22.1 depends on gopkg.in/yaml.v2 v2.2.2.

However, the latest github.com/urfave/cli depends on gopkg.in/yaml.v2 v2.2.3, which has CVE-2019-11254.
In addition, urfave/cli must be <= v1.22.1 due to a regression: urfave/cli#1092.

@haosanzi haosanzi added bug Something isn't working medium The additional priority medium for the specified entity labels Aug 25, 2021
@haosanzi haosanzi added this to the 0.6.4 milestone Aug 25, 2021
@haosanzi haosanzi added this to To do in rune development via automation Aug 25, 2021
@jiazhang0 jiazhang0 assigned haosanzi and unassigned jiazhang0 Aug 31, 2021
@haosanzi haosanzi modified the milestones: 0.6.4, 0.7.0 Sep 1, 2021
@jiazhang0 jiazhang0 added epic New feature to develop and removed bug Something isn't working labels Sep 2, 2021
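
One way to gate a build on the version this issue asks for, as an added example that is not part of the issue or the project's code: the function scans module lines in the `path version` form printed by `go list -m all` and reports whether `gopkg.in/yaml.v2` is at least v2.2.8. It assumes the project builds with Go modules; `CheckYAML`, `parseVersion` and the sample build list are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Module path and fixed version are the ones named in the issue (CVE-2019-11254).
const yamlModule, yamlFixed = "gopkg.in/yaml.v2", "v2.2.8"

// Constructed sample in the "path version" form printed by `go list -m all`.
const sampleBuildList = "example.com/app\ngithub.com/urfave/cli v1.22.1\ngopkg.in/yaml.v2 v2.2.2"

// parseVersion accepts only plain vX.Y.Z; pseudo-versions, pre-releases and
// local paths are errors, so the gate fails closed.
func parseVersion(v string) (out [3]int, err error) {
	_, err = fmt.Sscanf(v, "v%d.%d.%d", &out[0], &out[1], &out[2])
	if err != nil || fmt.Sprintf("v%d.%d.%d", out[0], out[1], out[2]) != v {
		return out, fmt.Errorf("unsupported version %q", v)
	}
	return out, nil
}

// CheckYAML (hypothetical helper) returns the yaml.v2 version found and whether it is >= yamlFixed.
func CheckYAML(buildList string) (string, bool, error) {
	want, _ := parseVersion(yamlFixed)
	for _, line := range strings.Split(buildList, "\n") {
		f := strings.Fields(line)
		if len(f) < 2 || f[0] != yamlModule {
			continue
		}
		ver := f[len(f)-1] // on "old => new" replace lines the last field is what gets built
		got, err := parseVersion(ver)
		if err != nil {
			return ver, false, err
		}
		for i := range got {
			if got[i] != want[i] {
				return ver, got[i] > want[i], nil
			}
		}
		return ver, true, nil
	}
	return "", false, fmt.Errorf("%s not in build list", yamlModule)
}

func main() {
	fmt.Println(CheckYAML(sampleBuildList))
}
```

In a Go modules build the selected version of a dependency is the highest one required anywhere in the module graph, so a direct `require gopkg.in/yaml.v2 v2.2.8` in the main module's go.mod raises yaml.v2 while github.com/urfave/cli stays at v1.22.1.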
Development

No branches or pull requests

2 participants