Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update third party libs to address security vulnerabilities #182

Merged
merged 4 commits into from
Jan 17, 2017
Merged

Update third party libs to address security vulnerabilities #182

merged 4 commits into from
Jan 17, 2017

Conversation

mstemm
Copy link
Contributor

@mstemm mstemm commented Jan 3, 2017

Update third-party libraries to address security vulnerabilities.

@mstemm
Update openssl to 1.0.2j.
f5a74dc 
This fixes a set of ~25 security vulnerabilities.
@mstemm mstemm force-pushed the update-third-party-libs-security branch from c4342fe to 271b08f Compare January 4, 2017 00:25
mstemm and others added 2 commits January 3, 2017 17:22
@mstemm
Update libcurl to 7.52.1.
b0ea2da 
This fixes a set of ~10 security vulnerabilities.
@mstemm
Patch jq 1.5 with a fix for security vulns.
fded42c 
After downloading jq 1.5, apply the changes in
jqlang/jq@8eb1367
by downloading the commit as a patch and applying it. This fixes
CVE-2015-8863.
@mstemm mstemm force-pushed the update-third-party-libs-security branch 2 times, most recently from ec8a517 to 90da2c9 Compare January 4, 2017 01:35
@mstemm
Copy link
Contributor Author

mstemm commented Jan 4, 2017

Results of security scan after these changes:

screen shot 2017-01-03 at 5 46 54 pm

screen shot 2017-01-03 at 5 47 04 pm

screen shot 2017-01-03 at 5 47 12 pm

@mstemm mstemm force-pushed the update-third-party-libs-security branch 2 times, most recently from 4e6893b to bb73243 Compare January 5, 2017 19:07
@mstemm
Add a local dockerfile variant.
5636f8e 
Add a local dockerfile variant that allows creating an image from a
local .deb package.
@mstemm mstemm force-pushed the update-third-party-libs-security branch from bb73243 to 5636f8e Compare January 5, 2017 19:09
@mstemm mstemm merged commit 10d0c8f into dev Jan 17, 2017
@mstemm mstemm deleted the update-third-party-libs-security branch January 17, 2017 18:24
@jasondellaluce jasondellaluce mentioned this pull request Jul 18, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@mstemm