Revert pyghmi to insecure version

- Pyghmi 1.0.44 uses pycrypto 2.6.1 which has an open CVE against it.
- Updating Pyghmi to 1.1.0+ to absorb the change to cryptography breaks functionality in all testing against baremetal IPMI interfaces.
- This reversion has minimal risk because the only usage of pycrypto in Drydock is via the Pyghmi library to initiate connections to server IPMI interfaces. Arbitrary user input is not used for any pycrypto arguments.
- This is a temporary solution; long term, Drydock will move away from Pyghmi - either to a different IPMI library or to no IPMI support and instead using Redfish.

Change-Id: Ie5cd021528f61a3a2c04b156bf60b94b8f42dd5c
parent
b1d24ad254
commit
6697c0f23f
|
@ -1,5 +1,5 @@
|
|||
PyYAML==3.12
|
||||
pyghmi==1.1.0
|
||||
pyghmi==1.0.44
|
||||
netaddr
|
||||
falcon
|
||||
oslo.versionedobjects==1.23.0
|
||||
|
|
|
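Review bot: the `pyghmi==1.0.44` pin carries no marker in the requirements file that it is a deliberate downgrade to a release depending on a pycrypto with an open CVE. A `#` comment above the pin giving the reason (1.1.0+ breaks testing against baremetal IPMI interfaces) and noting that it is temporary would keep a later dependency refresh or a scanner-driven bump from changing it without anyone knowing why it was there. At the moment the rationale lives only in the commit message.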
@ -1,15 +1,12 @@
|
|||
alembic==0.8.2
|
||||
amqp==2.3.2
|
||||
asn1crypto==0.24.0
|
||||
Babel==2.6.0
|
||||
Beaker==1.9.1
|
||||
cachetools==2.1.0
|
||||
certifi==2018.8.24
|
||||
cffi==1.11.5
|
||||
chardet==3.0.4
|
||||
click==6.7
|
||||
contextlib2==0.5.5
|
||||
cryptography==2.3.1
|
||||
debtcollector==1.20.0
|
||||
defusedxml==0.5.0
|
||||
dnspython==1.15.0
|
||||
|
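Review bot: the header (`-1,15 +1,12`) drops three of the fifteen entries shown in this block, and the rendering has lost the markers that say which ones; going by the commit message they should be the cryptography stack (`asn1crypto`, `cffi`, `cryptography`). Please confirm that nothing else pinned in this file still requires `cryptography`, for example by running `pip check` in an environment built from the new file. Otherwise the removal leaves a transitive dependency unpinned, and pip will resolve it to whatever is current at build time.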
@ -54,10 +51,10 @@ prettytable==0.7.2
|
|||
psycopg2==2.7.3.1
|
||||
PTable==0.9.2
|
||||
pycadf==2.8.0
|
||||
pycparser==2.18
|
||||
pyghmi==1.1.0
|
||||
pycrypto==2.6.1
|
||||
pyghmi==1.0.44
|
||||
pymongo==3.6.1
|
||||
pyparsing==2.2.0
|
||||
pyparsing==2.2.1
|
||||
python-dateutil==2.7.3
|
||||
python-editor==1.0.3
|
||||
python-keystoneclient==3.17.0
|
||||
|
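Review bot: `pycrypto==2.6.1` comes back as an explicit pin in this hunk, and the accepted-risk argument in the commit message rests on Pyghmi being its only consumer in Drydock. Nothing in the change enforces that. A CI check that fails on a direct `Crypto` import in Drydock's own code would keep the statement true for as long as the pin stays, and the pin should be listed wherever the project records scanner exceptions so the finding is tracked rather than muted.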
@ -68,7 +65,7 @@ repoze.lru==0.7
|
|||
requests==2.19.1
|
||||
rfc3986==1.1.0
|
||||
Routes==2.4.1
|
||||
setuptools==40.3.0
|
||||
setuptools==40.4.1
|
||||
six==1.11.0
|
||||
SQLAlchemy==1.2.8
|
||||
statsd==3.3.0
|
||||
|
|
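Review bot: the `setuptools` pin changes in this hunk (40.3.0 and 40.4.1 both appear), and like the `pyparsing` 2.2.0 / 2.2.1 change in the previous hunk it is not part of the pyghmi revert and is not mentioned in the commit message. If these are side effects of regenerating the frozen file, say so in the message or split them into their own change, so that undoing this revert later does not also move unrelated pins.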