CVE-2021-41495

Advisory

Seismic-zfp version 0.3.2 has been updated to enhance security by upgrading its numpy dependency from version 1.21.3 to 1.22.2. This update addresses the vulnerability identified as CVE-2021-41495.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

Summary
- Bugfix for coordinate scalars coming from ZGY
- Minor performance fix
- Add Equinor boilerplate
- Upgrade dependencies to reduce vulnerabilities

What's Changed
* [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1 by da-wad in https://github.com/equinor/seismic-zfp/pull/77
* Hard coded source coordinate scalar to -100 when converting from zgy … by dmlbarker in https://github.com/equinor/seismic-zfp/pull/84
* [Snyk] Security upgrade numpy from 1.21.3 to 1.22.2 by snyk-bot in https://github.com/equinor/seismic-zfp/pull/80
* [Snyk] Security upgrade numpy from 1.21.3 to 1.22.2 by snyk-bot in https://github.com/equinor/seismic-zfp/pull/78
* [Snyk] Security upgrade requests from 2.31.0 to 2.32.0 by da-wad in https://github.com/equinor/seismic-zfp/pull/83
* [Snyk] Security upgrade fonttools from 4.38.0 to 4.43.0 by da-wad in https://github.com/equinor/seismic-zfp/pull/82
* [Snyk] Security upgrade requests from 2.31.0 to 2.32.0 by jafr67 in https://github.com/equinor/seismic-zfp/pull/86

New Contributors
* dmlbarker made their first contribution in https://github.com/equinor/seismic-zfp/pull/84
* snyk-bot made their first contribution in https://github.com/equinor/seismic-zfp/pull/80
* jafr67 made their first contribution in https://github.com/equinor/seismic-zfp/pull/86

**Full Changelog**: https://github.com/equinor/seismic-zfp/compare/v0.3.1...v0.3.2

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41495