Uploaded image for project: 'Security Data'
  1. Security Data
  2. SECDATA-278

Missing python3-pyyaml in vulnerability definition of CVE-2017-18342

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Normal Normal
    • None
    • None
    • oval
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • SECDATA-216 - SDEngine Backlog

      [In] rhel-8-including-unpatched.oval.xml.bz2, [among] the details of vuln CVE-2017-18342 (definition id: oval:com.redhat.cve:def:201718342) the following affected components are reported:

      <component>PyYAML</component>
      <component>PyYAML-debugsource</component>
      <component>python2-pyyyaml</component>
      <component>python38-pyyaml</component>
      <component>python39-pyyaml</component>

      However, the python3-pyyaml component is missing.

      Lookup in VMaaS does find it so it's not immediately clear why it's not being included:

      VMaaS.binary_package_names_by_source("PyYAML", ["rhel-8-for-x86_64-baseos-rpms"])
Out[3]: {'rhel-8-for-x86_64-baseos-rpms': ['python3-pyyaml']}

            Unassigned Unassigned
            mprpic@redhat.com Martin Prpic
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: