Package: python-muranoclient / 0.8.3-4~bpo8+1

Metadata

Package Version Patches format
python-muranoclient 0.8.3-4~bpo8+1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
no intersphinx.patch | (download)

doc/source/conf.py | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 do not use intersphinx
 Intersphinx does network access, which is forbidden during build.
CVE 2016 4972_Use_yaml.SafeLoader_instead_of_yaml.Loader.patch | (download)

muranoclient/common/utils.py | 4 2 + 2 - 0 !
muranoclient/v1/artifact_packages.py | 2 1 + 1 - 0 !
muranoclient/v1/package_creator/hot_package.py | 2 1 + 1 - 0 !
muranoclient/v1/packages.py | 2 1 + 1 - 0 !
releasenotes/notes/safeloader-cve-2016-4972-0e3b733af0d2f49d.yaml | 9 9 + 0 - 0 !
5 files changed, 14 insertions(+), 5 deletions(-)

 use yaml.safeloader instead of yaml.loader
 Before this patch yaml.Loader was used by the client to create custom
 yaql-enabled yaml loader. It is unsfae do to so, because yaml.Loader is
 capable of creating custom python objects from specifically constructed
 yaml files.
 UI parsing functions also fell back to yaml.Loader if
 the custom loader was not supplied.
 After this patch all yaml load operations are performed with safe
 loaders instead.