Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update ipython to get a security fix #7578

Merged
merged 1 commit into from Jan 23, 2022
Merged

update ipython to get a security fix #7578

merged 1 commit into from Jan 23, 2022

Conversation

smuzaffar
Copy link
Contributor

GHSA-pq7m-3gw7-gq5x
Vulnerable versions: >= 7.17.0, < 7.31.1
Patched version: 7.31.1
We’d like to disclose an arbitrary code execution vulnerability in IPython that stems from IPython executing untrusted files in CWD. This vulnerability allows one user to run code as another.

@smuzaffar
update ipython to get a security fix
d06dc50 
GHSA-pq7m-3gw7-gq5x
Vulnerable versions: >= 7.17.0, < 7.31.1
Patched version: 7.31.1
We’d like to disclose an arbitrary code execution vulnerability in IPython that stems from IPython executing untrusted files in CWD. This vulnerability allows one user to run code as another.
@smuzaffar
Copy link
Contributor Author

please test

@cmsbuild
Copy link
Contributor

A new Pull Request was created by @smuzaffar (Malik Shahzad Muzaffar) for branch IB/CMSSW_12_3_X/master.

@smuzaffar, @iarspider can you please review it and eventually sign? Thanks.
@perrotta, @dpiparo, @qliphy you are the release manager for this.
cms-bot commands are listed here

@smuzaffar smuzaffar merged commit 1effa02 into IB/CMSSW_12_3_X/master Jan 23, 2022
@cmsbuild
Copy link
Contributor

+1

Summary: https://cmssdt.cern.ch/SDT/jenkins-artifacts/pull-request-integration/PR-18565a/21933/summary.html
COMMIT: d06dc50
CMSSW: CMSSW_12_3_X_2022-01-23-0000/slc7_amd64_gcc10
User test area: For local testing, you can use /cvmfs/cms-ci.cern.ch/week1/cms-sw/cmsdist/7578/21933/install.sh to create a dev area with all the needed externals and cmssw changes.

Comparison Summary

Summary:

  • No significant changes to the logs found
  • Reco comparison results: 5 differences found in the comparisons
  • DQMHistoTests: Total files compared: 43
  • DQMHistoTests: Total histograms compared: 3465668
  • DQMHistoTests: Total failures: 6
  • DQMHistoTests: Total nulls: 0
  • DQMHistoTests: Total successes: 3465640
  • DQMHistoTests: Total skipped: 22
  • DQMHistoTests: Total Missing objects: 0
  • DQMHistoSizes: Histogram memory added: 0.0 KiB( 42 files compared)
  • Checked 181 log files, 42 edm output root files, 43 DQM output files
  • TriggerResults: no differences found

This was referenced Jan 23, 2022
Merged
Merged
@smuzaffar smuzaffar deleted the smuzaffar-patch-2 branch January 25, 2022 20:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
externals-pending orp-pending pending-signatures tests-approved
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@smuzaffar @cmsbuild