Mercurial > p > roundup > code

annotate .grype.yaml @ 8356:63390dcfcfe9

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
bug: fix template use of structure with untrusted data Looks like an xSS bug with an early version of the template that was fixed in the code but never in the deployed tracker. It has been a while since this particular construct has been in the classic template which is the base for the tracker. This has been fixed on the deployed tracker as well. reported by 4bug of ChaMd5 Security Team H1 Group
author John Rouillard <rouilj@ieee.org>
date Tue, 08 Jul 2025 10:23:09 -0400
parents 73cb61350d3b
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
7644
974599384dc5 build: disable CVE-2018-20225 pip package shadow
John Rouillard <rouilj@ieee.org>
parents:
diff changeset
1 ignore:
7648
73cb61350d3b build: fix format and remove fix-state.
John Rouillard <rouilj@ieee.org>
parents: 7647
diff changeset
2 - vulnerability: CVE-2018-20225
7645
939ecb42a031 build: try different ID for pip grype error.
John Rouillard <rouilj@ieee.org>
parents: 7644
diff changeset
3 - vulnerability: CVE-2018-20225-pip
Roundup Issue Tracker: http://roundup-tracker.org/