CVE-2019-12855

Advisory

Lithops 1.0.19 fixes a CVE-2019-12855 security alert.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

Added
- Added 'obj' as an optional arg for the functions when a user wants to process objects from OS
- Added 'rabbitmq' as an optional arg for the functions
- Added 'id' as an optional arg for the functions
- Added rabbitmq example

Changed
- Deleted 'bucket' 'key' 'data_stream' function args in favor of 'obj'
- Internal improvements related data partitioning
- Changed create_timeline_plots() method name to create_execution_plots()
- Docs updated
- updated notebooks
- Upgrade cos-sdk Python module version

Fixed
- Fixed tests
- Fixed CVE-2019-12855 security alert

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12855
• https://twistedmatrix.com/trac/ticket/9561
• https://github.com/twisted/twisted/pull/1147
• https://lists.fedoraproject.org/archives/list/[email protected]/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html
• https://usn.ubuntu.com/4308-1/
• https://usn.ubuntu.com/4308-2/
• https://www.oracle.com/security-alerts/cpuapr2020.html