PyPi: Mtr2mqtt

CVE-2020-14343

Transitive

Safety vulnerability ID: 63022

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 09, 2021 Updated at Jan 13, 2024

Advisory

Mtr2mqtt 0.1.0 upgrades its PyYAML version requirement because of CVE-2020-14343.
https://github.com/tvallas/mtr2mqtt/commit/a7271be78ced193e29947c2174d8a751cc660cf4

Affected package

mtr2mqtt

Latest version: 0.5.3

MTR receiver readings to MQTT server

Affected versions

Fixed versions

Vulnerability changelog

Chore

* chore: update Pipfile.lock ([`986ff61`](https://github.com/tvallas/mtr2mqtt/commit/986ff6119b7b33d2496745dc57a40018ed78e339))

* chore: update pyYML version requirement for security vulnerability reasons ([`a7271be`](https://github.com/tvallas/mtr2mqtt/commit/a7271be78ced193e29947c2174d8a751cc660cf4))

Ci

* ci: change tests and lint to use pipenv ([`1e13dc2`](https://github.com/tvallas/mtr2mqtt/commit/1e13dc2aa28b878fed7cdc3d9930c7a46be7000b))

* ci: fix pylint test ([`39d7b9a`](https://github.com/tvallas/mtr2mqtt/commit/39d7b9a5757eeab2cf6084c404004f26788c1635))

* ci: fix pylint dependencies ([`4f34513`](https://github.com/tvallas/mtr2mqtt/commit/4f3451364a6c384d55a4df59b5d8c84f009a1ca2))

* ci(pylint): fix dependencies installation for pylint step ([`cfed3e7`](https://github.com/tvallas/mtr2mqtt/commit/cfed3e7ab5298e31f14c89e39a7cec345113f0d4))

* ci(ci): test ci by doing style fixes ([`7ac9d7e`](https://github.com/tvallas/mtr2mqtt/commit/7ac9d7ec0afa3685b391f7303482a9259c178498))

* ci: fix imports ([`62efeda`](https://github.com/tvallas/mtr2mqtt/commit/62efeda449832dd0dd82d647bb9dd5ac78e79333))

* ci(gitlab actions): test gitlab actions

Also some style changes and reorganising directory structure etc. ([`66a63ac`](https://github.com/tvallas/mtr2mqtt/commit/66a63ace68fe677c20903a2b81377359288dd940))

* ci(ci): test GitHub actions ([`85cfec4`](https://github.com/tvallas/mtr2mqtt/commit/85cfec41229e025de59a91ed9ae812967daf20a7))

* ci(ci): testing github actions ([`217d5fd`](https://github.com/tvallas/mtr2mqtt/commit/217d5fd1646a96412931f8a98251b50b6b3f7683))

Documentation

* docs: fix syntax in readme ([`0415bd5`](https://github.com/tvallas/mtr2mqtt/commit/0415bd5adc0e593d62d1ef4c1cf199b326ad4a2a))

Feature

* feat: add debug logging of unsupported packages ([`f7ae1e3`](https://github.com/tvallas/mtr2mqtt/commit/f7ae1e341a66cfff0689cd74fac474956c2f6e58))

* feat(mtr): add UTC timestamp field to reading output json ([`78fc3ff`](https://github.com/tvallas/mtr2mqtt/commit/78fc3ff4bebafe34e4a2f4ca2f11348c851944ff))

* feat(calibration support): add simple support for Utility packets having calibration date ([`950b731`](https://github.com/tvallas/mtr2mqtt/commit/950b73125ca46232766f36c9aa3304cacced16b6))

* feat(mtr2mqtt): initial commit ([`12dd367`](https://github.com/tvallas/mtr2mqtt/commit/12dd3673384d1bba466d437b72a6341be54fdcd2))

Fix

* fix: ignore responses with checksum error ([`a6dd3c1`](https://github.com/tvallas/mtr2mqtt/commit/a6dd3c15ec1987fb84d7dc42cefea866e8a91a89))

* fix: fix utility packet return value to valid response instead of None if device wasn't calibrated ([`f5c7c09`](https://github.com/tvallas/mtr2mqtt/commit/f5c7c097ec78ac505841bbabd0040e189fed030c))

* fix(gitignore): fix typo in sample metadata file name ([`1b3125f`](https://github.com/tvallas/mtr2mqtt/commit/1b3125f45ce0a63cfd708c65797ecadba6c8fda4))

* fix(metadata): fix transmitter id comparison ([`4958340`](https://github.com/tvallas/mtr2mqtt/commit/49583404144c47f14e0ee2408a721752b78aafe0))

Performance

* perf: cut the execution tree and at the first supported device ([`077b551`](https://github.com/tvallas/mtr2mqtt/commit/077b5511174b67788814cc22fed6613eee522c67))

Refactor

* refactor(metadata): change loadfile function to return value as string ([`cc5a47d`](https://github.com/tvallas/mtr2mqtt/commit/cc5a47df0995eda0886bdaa98aad96439e5b989d))

* refactor: change args to named parameters ([`7fe014c`](https://github.com/tvallas/mtr2mqtt/commit/7fe014c3fbbade6f0766f32dd9c65fda6d8e8fa0))

* refactor: fix PEP8 style issues ([`989a491`](https://github.com/tvallas/mtr2mqtt/commit/989a491f8119e25cd9b7bcf54b181ddfd91c0e70))

* refactor: pEP8 style fixes ([`1fe1fbb`](https://github.com/tvallas/mtr2mqtt/commit/1fe1fbb771bde704182a3ae90f4b6d74ac0d579f))

* refactor(cli): fix simple pep8 style issues ([`b0c49c9`](https://github.com/tvallas/mtr2mqtt/commit/b0c49c9e5b5f5d95b19b062ee781bd570de18516))

* refactor(tests_mtr): fix pep8 style issues ([`9fb2c7d`](https://github.com/tvallas/mtr2mqtt/commit/9fb2c7d97cc274ecd9c110832307932bfbfe6006))

* refactor(scl): fix pep8 style issues ([`3d474d8`](https://github.com/tvallas/mtr2mqtt/commit/3d474d844b97c872bb02eeaacf5887d3208c4e00))

* refactor(mtr): fix pep8 style issues and add payload size check warning ([`93f15ca`](https://github.com/tvallas/mtr2mqtt/commit/93f15ca646519954d34339d8ae17048a1366969e))

* refactor(metadata): fix pep8 style issues ([`a33f0b3`](https://github.com/tvallas/mtr2mqtt/commit/a33f0b3be1995f1fb4c18b78e0af46238a7b00ae))

Test

* test(metadata): add unit tests for metadata module ([`eac3675`](https://github.com/tvallas/mtr2mqtt/commit/eac3675aa4cd091c6cd48ebd7a4554b7f4c51382))

Unknown

* Merge pull request #14 from tvallas/ci/fix-pipenv-for-unit-tests

ci: change tests and lint to use pipenv ([`a847c0e`](https://github.com/tvallas/mtr2mqtt/commit/a847c0e5cb908a0f9dd6393477490d455ce96acd))

* Feat/add semantic versioning (#13)

* feat: add python-semantic-release package and change setup.py to use variable for versioning

* ci: add test version of semantic release workflow ([`057554d`](https://github.com/tvallas/mtr2mqtt/commit/057554d1c18b2910976dbd3e410915c28d453de4))

* Merge pull request #12 from tvallas/chore/pipfile-lock-update

chore: update Pipfile.lock ([`35fd3dc`](https://github.com/tvallas/mtr2mqtt/commit/35fd3dcc9e3a9662669344e53aecfbada4804bc3))

* Merge pull request #11 from tvallas/fix/ignore-packets-with-wrong-checksum

Fix/ignore packets with wrong checksum ([`59f4b39`](https://github.com/tvallas/mtr2mqtt/commit/59f4b392d920e9e24bafb802b672b19cc22662fd))

* Merge pull request #10 from tvallas/fix/metadata-handling-for-utility-packets

fix: fix utility packet return value to valid response instead of Non… ([`0321243`](https://github.com/tvallas/mtr2mqtt/commit/03212439f5659e28dec6b5c410914fcd4a9055a9))

* Merge pull request #9 from tvallas/test/add-meta-data-tests

fix(gitignore): fix typo in sample metadata file name ([`911b47a`](https://github.com/tvallas/mtr2mqtt/commit/911b47a4fda3b068445600ec965bec3cff7a6a68))

* Merge pull request #8 from tvallas/test/add-meta-data-tests

Test/add meta data tests ([`53c70a9`](https://github.com/tvallas/mtr2mqtt/commit/53c70a9f5e576c2d871dbe2e77d1f829c757ed3e))

* Merge pull request #7 from tvallas/fix/mtr_parsing_improvements

Fix/mtr parsing improvements ([`ee776c7`](https://github.com/tvallas/mtr2mqtt/commit/ee776c7b721b339db2fc0753a82a1206dcafc545))

* Merge pull request #6 from tvallas/fix/readme-fixes

docs: fix syntax in readme ([`2117771`](https://github.com/tvallas/mtr2mqtt/commit/2117771f48d14d0b09abfc7f2b7461b067bb6198))

* Merge pull request #5 from tvallas/fix/pep8-style-issues

Fix/pep8 style issues ([`3777f06`](https://github.com/tvallas/mtr2mqtt/commit/3777f064e23c21c132fd01312f06ee0f42ea3b98))

* Merge pull request #4 from tvallas/feature/simple-ci-setup

Feature/simple ci setup ([`381e54e`](https://github.com/tvallas/mtr2mqtt/commit/381e54e075909289bea7477c8d1f8d3b6fc0fcfe))

* Merge pull request #3 from tvallas/feature/add-timestamp-to-mqtt-output

feat(mtr): add UTC timestamp field to reading output json ([`f61b1b2`](https://github.com/tvallas/mtr2mqtt/commit/f61b1b2fdc497efe7447b0b11f78ea41e28b9c40))

* Merge pull request #1 from tvallas/feature/utility-packet-support

feat(calibration support): add simple support for Utility packets hav… ([`67a86ad`](https://github.com/tvallas/mtr2mqtt/commit/67a86adddd0d1930cb7b491e19adb86343a64ee7))

Resources

Severity Details

CVSS Base Score

CRITICAL 9.8

CVSS v3 Details

CRITICAL 9.8
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Impact (A): HIGH

CVSS v2 Details

HIGH 10.0
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (Au): NONE
Confidentiality Impact (C): COMPLETE
Integrity Impact (I): COMPLETE
Availability Impact (A): COMPLETE