From 0268f701d7c354afff13f81f084dd891e00ae4a9 Mon Sep 17 00:00:00 2001 From: "github.actions" Date: Fri, 22 Dec 2023 08:04:23 +0000 Subject: [PATCH] Latest data: Fri Dec 22 08:04:23 UTC 2023 --- audits/ansible-requirements.audit.json | 38 ++++++++++++++++++- audits/azure-cli-requirements.audit.json | 38 ++++++++++++++++++- audits/duplicity-requirements.audit.json | 38 ++++++++++++++++++- audits/fdroidserver-requirements.audit.json | 38 ++++++++++++++++++- audits/flintrock-requirements.audit.json | 38 ++++++++++++++++++- audits/ssh-mitm-requirements.audit.json | 38 ++++++++++++++++++- .../cloudformation-cli-requirements.txt | 29 +++++++------- requirements/mypy-requirements.txt | 2 +- requirements/sceptre-requirements.txt | 12 +++--- requirements/tmuxp-requirements.txt | 2 +- 10 files changed, 244 insertions(+), 29 deletions(-) diff --git a/audits/ansible-requirements.audit.json b/audits/ansible-requirements.audit.json index d2c4a2ea..a97997b9 100644 --- a/audits/ansible-requirements.audit.json +++ b/audits/ansible-requirements.audit.json @@ -94,7 +94,7 @@ }, "vulnerabilities": [ { - "modified": "2023-12-20T18:35:41Z", + "modified": "2023-12-21T16:10:50Z", "published": "2023-12-18T19:22:09Z", "schema_version": "1.6.0", "id": "GHSA-45x7-px36-x8w8", @@ -336,6 +336,18 @@ "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, + { + "type": "WEB", + "url": "https://github.com/apache/mina-sshd/issues/445" + }, + { + "type": "WEB", + "url": "https://github.com/hierynomus/sshj/issues/916" + }, + { + "type": "WEB", + "url": "https://github.com/janmojzis/tinyssh/issues/81" + }, { "type": "WEB", "url": "https://github.com/mwiede/jsch/issues/457" @@ -448,10 +460,22 @@ "type": "WEB", "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15" }, + { + "type": "WEB", + "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16" + }, { "type": "WEB", "url": "https://github.com/openssh/openssh-portable/commits/master" }, + { + "type": "WEB", + "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES" + }, + { + "type": "WEB", + "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES" + }, { "type": "WEB", "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES" @@ -532,6 +556,10 @@ "type": "WEB", "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg" }, + { + "type": "WEB", + "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2" + }, { "type": "WEB", "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/" @@ -576,6 +604,10 @@ "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" }, + { + "type": "WEB", + "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3" + }, { "type": "WEB", "url": "https://www.paramiko.org/changelog.html" @@ -592,6 +624,10 @@ "type": "WEB", "url": "https://www.terrapin-attack.com" }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html" + }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3" diff --git a/audits/azure-cli-requirements.audit.json b/audits/azure-cli-requirements.audit.json index d55c191e..271ec869 100644 --- a/audits/azure-cli-requirements.audit.json +++ b/audits/azure-cli-requirements.audit.json @@ -148,7 +148,7 @@ }, "vulnerabilities": [ { - "modified": "2023-12-20T18:35:41Z", + "modified": "2023-12-21T16:10:50Z", "published": "2023-12-18T19:22:09Z", "schema_version": "1.6.0", "id": "GHSA-45x7-px36-x8w8", @@ -390,6 +390,18 @@ "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, + { + "type": "WEB", + "url": "https://github.com/apache/mina-sshd/issues/445" + }, + { + "type": "WEB", + "url": "https://github.com/hierynomus/sshj/issues/916" + }, + { + "type": "WEB", + "url": "https://github.com/janmojzis/tinyssh/issues/81" + }, { "type": "WEB", "url": "https://github.com/mwiede/jsch/issues/457" @@ -502,10 +514,22 @@ "type": "WEB", "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15" }, + { + "type": "WEB", + "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16" + }, { "type": "WEB", "url": "https://github.com/openssh/openssh-portable/commits/master" }, + { + "type": "WEB", + "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES" + }, + { + "type": "WEB", + "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES" + }, { "type": "WEB", "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES" @@ -586,6 +610,10 @@ "type": "WEB", "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg" }, + { + "type": "WEB", + "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2" + }, { "type": "WEB", "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/" @@ -630,6 +658,10 @@ "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" }, + { + "type": "WEB", + "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3" + }, { "type": "WEB", "url": "https://www.paramiko.org/changelog.html" @@ -646,6 +678,10 @@ "type": "WEB", "url": "https://www.terrapin-attack.com" }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html" + }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3" diff --git a/audits/duplicity-requirements.audit.json b/audits/duplicity-requirements.audit.json index ba0ae2dd..05b72eee 100644 --- a/audits/duplicity-requirements.audit.json +++ b/audits/duplicity-requirements.audit.json @@ -7,7 +7,7 @@ }, "vulnerabilities": [ { - "modified": "2023-12-20T18:35:41Z", + "modified": "2023-12-21T16:10:50Z", "published": "2023-12-18T19:22:09Z", "schema_version": "1.6.0", "id": "GHSA-45x7-px36-x8w8", @@ -249,6 +249,18 @@ "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, + { + "type": "WEB", + "url": "https://github.com/apache/mina-sshd/issues/445" + }, + { + "type": "WEB", + "url": "https://github.com/hierynomus/sshj/issues/916" + }, + { + "type": "WEB", + "url": "https://github.com/janmojzis/tinyssh/issues/81" + }, { "type": "WEB", "url": "https://github.com/mwiede/jsch/issues/457" @@ -361,10 +373,22 @@ "type": "WEB", "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15" }, + { + "type": "WEB", + "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16" + }, { "type": "WEB", "url": "https://github.com/openssh/openssh-portable/commits/master" }, + { + "type": "WEB", + "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES" + }, + { + "type": "WEB", + "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES" + }, { "type": "WEB", "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES" @@ -445,6 +469,10 @@ "type": "WEB", "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg" }, + { + "type": "WEB", + "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2" + }, { "type": "WEB", "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/" @@ -489,6 +517,10 @@ "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" }, + { + "type": "WEB", + "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3" + }, { "type": "WEB", "url": "https://www.paramiko.org/changelog.html" @@ -505,6 +537,10 @@ "type": "WEB", "url": "https://www.terrapin-attack.com" }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html" + }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3" diff --git a/audits/fdroidserver-requirements.audit.json b/audits/fdroidserver-requirements.audit.json index 96ee87c6..118b769a 100644 --- a/audits/fdroidserver-requirements.audit.json +++ b/audits/fdroidserver-requirements.audit.json @@ -7,7 +7,7 @@ }, "vulnerabilities": [ { - "modified": "2023-12-20T18:35:41Z", + "modified": "2023-12-21T16:10:50Z", "published": "2023-12-18T19:22:09Z", "schema_version": "1.6.0", "id": "GHSA-45x7-px36-x8w8", @@ -249,6 +249,18 @@ "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, + { + "type": "WEB", + "url": "https://github.com/apache/mina-sshd/issues/445" + }, + { + "type": "WEB", + "url": "https://github.com/hierynomus/sshj/issues/916" + }, + { + "type": "WEB", + "url": "https://github.com/janmojzis/tinyssh/issues/81" + }, { "type": "WEB", "url": "https://github.com/mwiede/jsch/issues/457" @@ -361,10 +373,22 @@ "type": "WEB", "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15" }, + { + "type": "WEB", + "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16" + }, { "type": "WEB", "url": "https://github.com/openssh/openssh-portable/commits/master" }, + { + "type": "WEB", + "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES" + }, + { + "type": "WEB", + "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES" + }, { "type": "WEB", "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES" @@ -445,6 +469,10 @@ "type": "WEB", "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg" }, + { + "type": "WEB", + "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2" + }, { "type": "WEB", "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/" @@ -489,6 +517,10 @@ "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" }, + { + "type": "WEB", + "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3" + }, { "type": "WEB", "url": "https://www.paramiko.org/changelog.html" @@ -505,6 +537,10 @@ "type": "WEB", "url": "https://www.terrapin-attack.com" }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html" + }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3" diff --git a/audits/flintrock-requirements.audit.json b/audits/flintrock-requirements.audit.json index 96ee87c6..118b769a 100644 --- a/audits/flintrock-requirements.audit.json +++ b/audits/flintrock-requirements.audit.json @@ -7,7 +7,7 @@ }, "vulnerabilities": [ { - "modified": "2023-12-20T18:35:41Z", + "modified": "2023-12-21T16:10:50Z", "published": "2023-12-18T19:22:09Z", "schema_version": "1.6.0", "id": "GHSA-45x7-px36-x8w8", @@ -249,6 +249,18 @@ "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, + { + "type": "WEB", + "url": "https://github.com/apache/mina-sshd/issues/445" + }, + { + "type": "WEB", + "url": "https://github.com/hierynomus/sshj/issues/916" + }, + { + "type": "WEB", + "url": "https://github.com/janmojzis/tinyssh/issues/81" + }, { "type": "WEB", "url": "https://github.com/mwiede/jsch/issues/457" @@ -361,10 +373,22 @@ "type": "WEB", "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15" }, + { + "type": "WEB", + "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16" + }, { "type": "WEB", "url": "https://github.com/openssh/openssh-portable/commits/master" }, + { + "type": "WEB", + "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES" + }, + { + "type": "WEB", + "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES" + }, { "type": "WEB", "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES" @@ -445,6 +469,10 @@ "type": "WEB", "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg" }, + { + "type": "WEB", + "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2" + }, { "type": "WEB", "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/" @@ -489,6 +517,10 @@ "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" }, + { + "type": "WEB", + "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3" + }, { "type": "WEB", "url": "https://www.paramiko.org/changelog.html" @@ -505,6 +537,10 @@ "type": "WEB", "url": "https://www.terrapin-attack.com" }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html" + }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3" diff --git a/audits/ssh-mitm-requirements.audit.json b/audits/ssh-mitm-requirements.audit.json index 96ee87c6..118b769a 100644 --- a/audits/ssh-mitm-requirements.audit.json +++ b/audits/ssh-mitm-requirements.audit.json @@ -7,7 +7,7 @@ }, "vulnerabilities": [ { - "modified": "2023-12-20T18:35:41Z", + "modified": "2023-12-21T16:10:50Z", "published": "2023-12-18T19:22:09Z", "schema_version": "1.6.0", "id": "GHSA-45x7-px36-x8w8", @@ -249,6 +249,18 @@ "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, + { + "type": "WEB", + "url": "https://github.com/apache/mina-sshd/issues/445" + }, + { + "type": "WEB", + "url": "https://github.com/hierynomus/sshj/issues/916" + }, + { + "type": "WEB", + "url": "https://github.com/janmojzis/tinyssh/issues/81" + }, { "type": "WEB", "url": "https://github.com/mwiede/jsch/issues/457" @@ -361,10 +373,22 @@ "type": "WEB", "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15" }, + { + "type": "WEB", + "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16" + }, { "type": "WEB", "url": "https://github.com/openssh/openssh-portable/commits/master" }, + { + "type": "WEB", + "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES" + }, + { + "type": "WEB", + "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES" + }, { "type": "WEB", "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES" @@ -445,6 +469,10 @@ "type": "WEB", "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg" }, + { + "type": "WEB", + "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2" + }, { "type": "WEB", "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/" @@ -489,6 +517,10 @@ "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" }, + { + "type": "WEB", + "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3" + }, { "type": "WEB", "url": "https://www.paramiko.org/changelog.html" @@ -505,6 +537,10 @@ "type": "WEB", "url": "https://www.terrapin-attack.com" }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html" + }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3" diff --git a/requirements/cloudformation-cli-requirements.txt b/requirements/cloudformation-cli-requirements.txt index 12ea0c0d..fe8cdf75 100644 --- a/requirements/cloudformation-cli-requirements.txt +++ b/requirements/cloudformation-cli-requirements.txt @@ -1,18 +1,18 @@ annotated-types==0.6.0 attrs==23.1.0 -aws-sam-translator==1.79.0 -boto3==1.28.71 -botocore==1.31.71 +aws-sam-translator==1.82.0 +boto3==1.34.5 +botocore==1.34.5 cfn-flip==1.3.0 -cfn-lint==0.83.0 -charset-normalizer==3.3.1 -cloudformation-cli-go-plugin==2.0.4 +cfn-lint==0.83.6 +charset-normalizer==3.3.2 +cloudformation-cli-go-plugin==2.2.0 cloudformation-cli-java-plugin==2.0.18 cloudformation-cli-python-plugin==2.1.8 colorama==0.4.6 -docker==6.1.3 -hypothesis==6.88.1 -idna==3.4 +docker==7.0.0 +hypothesis==6.92.1 +idna==3.6 iniconfig==2.0.0 jinja2==3.1.2 jmespath==1.0.1 @@ -24,12 +24,12 @@ jsonschema==4.17.3 junit-xml==1.9 mpmath==1.3.0 nested-lookup==0.2.25 -networkx==3.2 +networkx==3.2.1 ordered-set==4.1.0 -pbr==5.11.1 +pbr==6.0.0 pluggy==1.3.0 -pydantic==2.4.2 -pydantic-core==2.10.1 +pydantic==2.5.2 +pydantic-core==2.14.5 pyrsistent==0.20.0 pytest==7.4.3 pytest-localserver==0.8.1 @@ -37,12 +37,11 @@ pytest-random-order==1.1.0 python-dateutil==2.8.2 regex==2023.10.3 requests==2.31.0 -s3transfer==0.7.0 +s3transfer==0.9.0 sarif-om==1.0.4 semver==3.0.2 sortedcontainers==2.4.0 sympy==1.12 types-dataclasses==0.6.6 urllib3==2.0.7 -websocket-client==1.6.4 werkzeug==3.0.1 diff --git a/requirements/mypy-requirements.txt b/requirements/mypy-requirements.txt index 1944cd09..89705507 100644 --- a/requirements/mypy-requirements.txt +++ b/requirements/mypy-requirements.txt @@ -1,2 +1,2 @@ mypy-extensions==1.0.0 -typing-extensions==4.8.0 +typing-extensions==4.9.0 diff --git a/requirements/sceptre-requirements.txt b/requirements/sceptre-requirements.txt index 2df4a46a..28e4cdae 100644 --- a/requirements/sceptre-requirements.txt +++ b/requirements/sceptre-requirements.txt @@ -1,22 +1,22 @@ attrs==23.1.0 -boto3==1.28.65 -botocore==1.31.65 +boto3==1.34.5 +botocore==1.34.5 cfn-flip==1.3.0 -charset-normalizer==3.3.0 +charset-normalizer==3.3.2 colorama==0.4.3 deepdiff==5.8.1 deprecation==2.1.0 -idna==3.4 +idna==3.6 jinja2==3.1.2 jmespath==1.0.1 jsonschema==3.2.0 markupsafe==2.1.3 networkx==2.6.3 ordered-set==4.1.0 -pyrsistent==0.19.3 +pyrsistent==0.20.0 python-dateutil==2.8.2 requests==2.31.0 -s3transfer==0.7.0 +s3transfer==0.9.0 sceptre-cmd-resolver==2.0.0 sceptre-file-resolver==1.0.6 urllib3==2.0.7 diff --git a/requirements/tmuxp-requirements.txt b/requirements/tmuxp-requirements.txt index 19d753f9..9a5df3bb 100644 --- a/requirements/tmuxp-requirements.txt +++ b/requirements/tmuxp-requirements.txt @@ -1,2 +1,2 @@ colorama==0.4.6 -libtmux==0.24.1 +libtmux==0.25.0