From 83ac9498b07ec112f1cee3ff46b60e8343c5a100 Mon Sep 17 00:00:00 2001
From: dumol
Date: Fri, 16 Aug 2024 10:05:18 +0000
Subject: [PATCH] Updated documented external deps sheets.
---
external_deps.csv | 48 +-
external_deps.fods | 1124 ++++++++++++++++++++++++--------------------
2 files changed, 630 insertions(+), 542 deletions(-)
diff --git a/external_deps.csv b/external_deps.csv
index 415065297..3c68a06eb 100644
--- a/external_deps.csv
+++ b/external_deps.csv
@@ -1,44 +1,44 @@ OS,AIX,,,Amazon,Alpine,Debian,FreeBSD,,HP-UX,macOS,OS X,RHEL,,,SLES,Solaris,,,,Ubuntu Server,,,,Windows, -OS Version,5.3³,6.1³,7.1+¹,2+¹,3.12+¹,5.0+²,11.4³,12.2+³,11.31³,10.13+¹,10.8³,5.11-7.x¹,8.x¹,9.x¹,11SP4+²,10u8+³,11.0/11.1³,11.2³,11.4³,14.04/16.04¹,18.04¹,20.04¹,22.04¹,"XP, 2003, 2008³","2012r2, 2016, 2019, 2022¹" +OS Version,5.3³,6.1³,7.1+²,2+¹,3.12+¹,6.0+²,11.4³,12.2+³,11.31³,10.13+¹,10.8³,5.11-7.x¹,8.x¹,9.x+¹,11SP4+²,10u8+³,11.0/11.1³,11.2³,11.4³,16.04²,18.04¹,20.04¹,22.04+¹,"XP, 2003, 2008³","2012r2, 2016, 2019, 2022¹" OpenSSL⁶,"1.0.2v-chevah2 (statically linked with stdlib “ssl”) 1.0.2v-chevah2 (statically linked with cryptography)",1.0.2k (from AIX Web Download Pack Programs),"1.0.2v-chevah5¹⁵ (statically linked with stdlib “ssl”) -1.0.2v-chevah5¹⁵ (statically linked with cryptography)","1.1.1w (statically linked with stdlib “ssl”) -1.1.1w (statically linked with cryptography)","1.1.1w (statically linked with stdlib “ssl”) -1.1.1w (statically linked with cryptography)","1.1.1w (statically linked with stdlib “ssl”) -1.1.1w (statically linked with cryptography)",1.0.1u,1.0.2s,1.0.2h,"1.1.1w (statically linked with stdlib “ssl”) -1.1.1w (statically linked with cryptography)","1.1.1g (statically built for stdlib “ssl”) -1.1.1g (bundled with upstream cryptography 2.9.1)","1.1.1w (statically linked with stdlib “ssl”) -1.1.1w (statically linked with cryptography)","1.1.1cFIPS / -1.1.1k FIPS","1.1.1w (statically linked with stdlib “ssl”) -1.1.1w (statically linked with cryptography)","1.1.1w (statically linked with stdlib “ssl”) -1.1.1w (statically linked with cryptography)",1.0.2n (from upstream Oracle patches),1.0.0x,1.0.1h," -1.0.2o","1.1.1w (statically linked with stdlib “ssl”) -1.1.1w (statically linked with cryptography)",1.1.0g,1.1.1f,"1.1.1w (statically linked with stdlib “ssl”) -1.1.1w (statically linked with cryptography)","1.0.2t (bundled with upstream Python 2.7.18) +1.0.2v-chevah5¹⁵ (statically linked with 
cryptography)","1.1.1w-chevah2 (statically linked with stdlib “ssl”) +1.1.1w-chevah2 (statically linked with cryptography)","1.1.1w-chevah2 (statically linked with stdlib “ssl”) +1.1.1w-chevah2 (statically linked with cryptography)","1.1.1w-chevah2 (statically linked with stdlib “ssl”) +1.1.1w-chevah2 (statically linked with cryptography)",1.0.1u,1.0.2s,1.0.2h,"1.1.1w-chevah2 (statically linked with stdlib “ssl”) +1.1.1w-chevah2 (statically linked with cryptography)","1.1.1g (statically built for stdlib “ssl”) +1.1.1g (bundled with upstream cryptography 2.9.1)","1.1.1w-chevah2 (statically linked with stdlib “ssl”) +1.1.1w-chevah2 (statically linked with cryptography)","1.1.1cFIPS / +1.1.1k FIPS","1.1.1w-chevah2 (statically linked with stdlib “ssl”) +1.1.1w-chevah2 (statically linked with cryptography)","1.1.1w-chevah2 (statically linked with stdlib “ssl”) +1.1.1w-chevah2 (statically linked with cryptography)",1.0.2n (from upstream Oracle patches),1.0.0x,1.0.1h," +1.0.2o","1.1.1w-chevah2 (statically linked with stdlib “ssl”) +1.1.1w-chevah2 (statically linked with cryptography)",1.1.0g,1.1.1f,"1.1.1w-chevah2 (statically linked with stdlib “ssl”) +1.1.1w-chevah2 (statically linked with cryptography)","1.0.2t (bundled with upstream Python 2.7.18) 1.1.1g (bundled with upstream cryptography 2.9.1)","1.0.2t⁹ (bundled with upstream Python 2.7.18) -1.1.1w (built from upstream sources for cryptography)" +1.1.1w-chevah2 (built from upstream sources for cryptography)" Python,2.7.18+patches,2.7.18¹¹,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18¹¹,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18¹¹,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.8⁴,2.7.18¹¹,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18¹¹,2.7.18¹³ -SQLite,3.34.1,3.34.1,3.43.1,3.43.1,3.43.1,3.43.1,3.30.1,3.34.1,3.34.1,3.43.1,3.30.1,3.43.1,3.43.1,3.43.1,3.43.1,3.34.1,3.30.1,3.34.1,3.34.1,3.43.1,3.43.1,3.43.1,3.43.1,3.30.1 (we 
overwrite version from upstream Python at build time),3.43.1 (we overwrite version from upstream Python at build time) +SQLite,3.46.0,3.34.1,3.46.0,3.46.0,3.46.0,3.46.0,3.30.1,3.46.0,3.46.0,3.46.0,3.30.1,3.46.0,3.46.0,3.46.0,3.46.0,3.46.0,3.30.1,3.46.0,3.46.0,3.46.0,3.46.0,3.46.0,3.46.0,3.30.1 (we overwrite version from upstream Python at build time),3.46.0 (we overwrite version from upstream Python at build time) Expat,2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.1.0⁵ (bundled with Python 2.7.8),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python) -zlib,1.2.12,p/o,1.3,1.3,p/o,1.3,p/o,p/o,1.2.12,1.3,p/o,1.3,p/o,1.3,1.3,p/o,p/o,p/o,p/o,1.3,p/o,p/o,1.3,1.2.11⁸ (bundled with Python),1.2.11⁸ (bundled with Python) +zlib,1.2.12,p/o,1.3.1,1.3.1,1.3.1,1.3.1,p/o,p/o,1.2.12,1.3.1,p/o,1.3.1,p/o,1.3.1,1.3.1,p/o,p/o,p/o,p/o,1.3.1,p/o,p/o,1.3.1,1.2.11⁸ (bundled with Python),1.2.11⁸ (bundled with Python) bzip2,1.0.8,1.0.8,1.0.8,1.0.8,1.0.8,1.0.8,p/o,p/o,1.0.8,p/o,p/o,1.0.8,1.0.8,1.0.8,1.0.8,p/o,p/o,p/o,p/o,1.0.8,1.0.8,1.0.8,1.0.8,1.0.6 (bundled with Python),1.0.6 (bundled with Python) -libffi,3.4.4,3.4.2,3.4.4,p/o,3.4.4,3.4.4,3.4.2,3.4.2,3.4.2,p/o,p/o,3.4.4,p/o,3.4.4,3.4.4,n/a,n/a,3.4.2,3.4.2,p/o,p/o,p/o,p/o,n/a,n/a +libffi,3.4.6,3.4.2,3.4.6,3.4.6,3.4.6,3.4.6,3.4.2,3.4.2,3.4.2,p/o,p/o,3.4.6,p/o,3.4.6,3.4.6,n/a,n/a,3.4.2,3.4.2,3.4.6,p/o,p/o,3.4.6,n/a,n/a 
libedit,n/a,n/a,n/a,n/a,20170329-3.1,n/a,20170329-3.1,20170329-3.1,n/a,n/a,20170329-3.1,n/a,20170329-3.1,n/a,n/a,n/a,20170329-3.1,20170329-3.1,20170329-3.1,n/a,20170329-3.1,20170329-3.1,n/a,n/a,n/a pysqlite,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,"n/a, upstream sqlite3 is used","n/a, upstream sqlite3 is used" pip,20.3.4¹⁴,9.0.3¹⁴,20.3.4chevah1,20.3.4chevah1,20.3.4chevah1,20.3.4chevah1,9.0.3¹⁴,20.3.4chevah1,20.3.4¹⁴,20.3.4chevah1,9.0.3¹⁴,20.3.4chevah1,20.3.4chevah1,20.3.4chevah1,20.3.4chevah1,20.3.4¹⁴,9.0.3¹⁴,20.3.4¹⁴,20.3.4chevah1,20.3.4chevah1,20.3.4chevah1,20.3.4chevah1,20.3.4chevah1,20.3.4¹⁴,20.3.4chevah1 setuptools,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,41.6.0¹⁷,41.6.0¹⁷,41.6.0¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷ pycparser,2.20,2.20,2.21,2.21,2.21,2.21,2.20,2.21,2.20,2.21,2.20,2.21,2.21,2.21,2.21,2.20,2.20,2.20,2.21,2.21,2.21,2.21,2.21,2.20,2.21 setproctitle,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10 -cryptography,3.2.1¹²,2.9.2¹²,3.2.1¹⁶,3.3.2¹⁶,3.3.2¹⁶,3.3.2¹⁶,2.9.2¹²,3.3.2¹⁶,n/a,3.3.2¹⁶,2.9.2¹² (wheel includes OpenSSL),3.3.2¹⁶,3.3.2¹⁶,3.3.2¹⁶,3.3.2¹⁶,n/a,n/a,n/a,3.2.1¹²,3.3.2¹⁶,3.3.2¹⁶,3.3.2¹⁶,3.3.2¹⁶,2.9.2¹² (wheel includes OpenSSL),3.3.2¹⁶ +cryptography,3.2.1¹²,2.9.2¹²,3.2.1+patches,3.3.2+patches¹⁶,3.3.2+patches¹⁶,3.3.2+patches¹⁶,2.9.2¹²,3.3.2+patches¹⁶,n/a,3.3.2+patches¹⁶,2.9.2¹² (wheel includes OpenSSL),3.3.2+patches¹⁶,3.3.2+patches¹⁶,3.3.2+patches¹⁶,3.3.2+patches¹⁶,n/a,n/a,n/a,3.2.1¹²,3.3.2+patches¹⁶,3.3.2+patches¹⁶,3.3.2+patches¹⁶,3.3.2+patches¹⁶,2.9.2¹² (wheel includes OpenSSL),3.3.2+patches¹⁶ 
six,1.15.0,1.13.0,1.15.0,1.15.0,1.15.0,1.15.0,1.11.0,1.15.0,1.15.0,1.15.0,1.11.0,1.15.0,1.15.0,1.15.0,1.15.0,1.15.0,1.11.0,1.15.0,1.15.0,1.11.0,1.11.0,1.11.0,1.11.0,1.11.0,1.11.0 ipaddress,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,n/a,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,n/a,n/a,n/a,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23 cffi,1.14.5,1.14.0,1.15.1,1.15.1,1.15.1,1.15.1,1.14.0,1.15.1,n/a,1.15.1,1.14.0,1.15.1,1.15.1,1.15.1,1.15.1,n/a,1.14.0,1.14.5,1.15.1,1.15.1,1.15.1,1.15.1,1.15.1,1.14.0,1.15.1 asn1crypto,n/a,1.2.0,n/a,n/a,n/a,n/a,1.2.0,n/a,n/a,n/a,1.2.0,n/a,n/a,n/a,n/a,n/a,1.2.0,n/a,n/a,n/a,n/a,n/a,n/a,1.2.0,n/a enum34,1.1.10,1.1.6,1.1.10,1.1.10,1.1.10,1.1.10,1.1.6,1.1.10,n/a,1.1.10,1.1.6,1.1.10,1.1.10,1.1.10,1.1.10,,,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.6,1.1.10 -idna,n/a,2.6,n/a,n/a,n/a,n/a,2.6,n/a,n/a,n/a,2.6,n/a,n/a,n/a,n/a,n/a,2.6,n/a,n/a,n/a,n/a,n/a,n/a,2.6,n/a +idna,n/a,"2,6",n/a,n/a,n/a,n/a,"2,6",n/a,n/a,n/a,"2,6",n/a,n/a,n/a,n/a,n/a,"2,6",n/a,n/a,n/a,n/a,n/a,n/a,"2,6",n/a pyOpenSSL,19.1.0,19.1.0,19.1.0,21.0.0,21.0.0,21.0.0,19.1.0,21.0.0,0.13.1⁷,21.0.0,19.1.0,21.0.0,21.0.0,21.0.0,21.0.0,0.13.1⁷,0.13.1⁷,0.13.1⁷,19.1.0,21.0.0,21.0.0,21.0.0,21.0.0,19.1.0,21.0.0 scandir,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0 -psutil,n/a,5.6.5,5.9.5,5.9.5,5.9.5,5.9.5,n/a,5.9.2,n/a,5.9.5,5.6.5,5.9.5,5.9.5,5.9.5,5.9.5,n/a,n/a,n/a,5.9.2,5.9.5,5.9.5,5.9.5,5.9.5,n/a,5.9.5 +psutil,n/a,5.6.5,6.0.0,5.9.6,6.0.0,5.9.6,n/a,5.9.2,n/a,6.0.0,5.6.5,5.9.6,6.0.0,5.9.6,5.9.6,n/a,n/a,n/a,6.0.0,5.9.6,6.0.0,6.0.0,5.9.6,n/a,6.0.0 subprocess32,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4 
bcrypt,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,n/a,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7 pywin32,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,,n/a,227,228 @@ -56,8 +56,8 @@ Colour codes:,DARKGREY: Tier 2 platforms and their problematic dependencies,,,,, ,,,,,,,,,,,,10. https://www.openssl.org/news/openssl-1.1.1-notes.html,,,,,,,,,,,,, ,,,,,,,,,,,,11. https://github.com/ActiveState/cpython/tags,,,,,,,,,,,,, ,,,,,,,,,,,,12. https://cryptography.io/en/latest/changelog.html,,,,,,,,,,,,, -,,,,,,,,,,,,"13. On Windows, the upstream Python 2.7.18 packages are hot patched for all known issues except CVE-2021-3177 and CVE-2020-10735",,,,,,,,,,,,, +,,,,,,,,,,,,"13. On Windows, the upstream Python 2.7.18 packages are not patched for CVE-2020-10735, CVE-2021-3177, CVE-2022-48560, CVE-2022-48566, CVE-2023-40217, CVE-2024-0397.",,,,,,,,,,,,, ,,,,,,,,,,,,14. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3572,,,,,,,,,,,,, ,,,,,,,,,,,,15. Corresponds to upstream OpenSSL version 1.0.2zg from 07 Feb 2023.,,,,,,,,,,,,, -,,,,,,,,,,,,"16. Both cryptography 3.2.1 and version 3.3.2 have been patched for CVE-2023-23931, but not for CVE-2023-38325.",,,,,,,,,,,,, -,,,,,,,,,,,,17. Versions older than 65.5.1 are vulnerable to CVE-2022-40897.,,,,,,,,,,,,, +,,,,,,,,,,,,"16. Both cryptography 3.2.1 and version 3.3.2+patches have been patched for CVE-2023-23931 and CVE-2023-49083, but not for CVE-2023-38325. Other issues might be present.",,,,,,,,,,,,, +,,,,,,,,,,,,"17. Vulnerable to CVE-2022-40897, CVE-2024-6345.",,,,,,,,,,,,, diff --git a/external_deps.fods b/external_deps.fods index 3752d24ba..e0b577a3d 100644 --- a/external_deps.fods +++ b/external_deps.fods 
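Review bot: The idna row of the first external_deps.csv hunk now holds `"2,6"` where the old side had `2.6`, which reads as a spreadsheet-locale decimal comma rather than a real version change. Anyone matching this sheet against advisories or an SBOM will not recognise `2,6` as an idna release, so the cells should go back to `2.6`, with the column typed as text before export. The same value shows up in the external_deps.fods hunks, where the date placeholder also moved from `00/00/0000` to `00.00.0000`, which is consistent with a locale switch in the editor (inferred). Separately, in the cryptography row the AIX 7.1+ cell went from `3.2.1¹⁶` to `3.2.1+patches` and lost its ¹⁶ marker although footnote 16 still describes that build; `3.2.1+patches¹⁶` keeps the unpatched-CVE caveat attached to the cell.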
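Review bot: Footnote 17 in the second external_deps.csv hunk now reads `Vulnerable to CVE-2022-40897, CVE-2024-6345.` and drops the fixed-in threshold the old text carried (`Versions older than 65.5.1`), so the sheet no longer tells a reader which setuptools release clears each CVE. Keeping a threshold next to each CVE id would preserve that. Footnote 13 changed from "hot patched for all known issues except …" to "not patched for …", which no longer says whether the remaining known issues are patched on Windows; if they still are, the earlier framing with the longer CVE list states it explicitly. Footnote 16 names `cryptography 3.2.1` while the table cell is now labelled `3.2.1+patches`; using the same label in both places avoids implying two different builds.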
@@ -1,20 +1,20 @@ - LibreOffice/7.6.2.1$Linux_X86_64 LibreOffice_project/56f7684011345957bbf33a7ee678afaf4d2ba333151PT9H17M48Spython-package - external dependencies and associated vulnerabilities2023-10-10T11:39:47.776983843 + LibreOffice/24.2.5.2$Linux_X86_64 LibreOffice_project/bffef4ea93e59bebbeaf7f431bb02b1a39ee8a59166PT10H10M16Spython-package - external dependencies and associated vulnerabilities2024-08-16T13:03:52.122804347 0 0 - 49331 - 24070 + 41189 + 23386 view1 - 3 - 2 + 0 + 1 2 2 1 @@ -103,7 +103,7 @@ false Generic Printer false - 1gH+/0dlbmVyaWMgUHJpbnRlcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAU0dFTlBSVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWAAMAwgAAAAAAAAAEAAhSAAAEdAAASm9iRGF0YSAxCnByaW50ZXI9R2VuZXJpYyBQcmludGVyCm9yaWVudGF0aW9uPVBvcnRyYWl0CmNvcGllcz0xCmNvbGxhdGU9ZmFsc2UKbWFyZ2luYWRqdXN0bWVudD0wLDAsJzAsMApjb2xvcmRlcHRoPTI0CnBzbGV2ZWw9MApwZGZkZXZpY2U9MQpjb2xvcmRldmljZT0wClBQRENvbnRleHREYXRhClBhZ2VTaXplOkE0AER1cGxleDpOb25lAAASAENPTVBBVF9EVVBMRVhfTU9ERQ8ARHVwbGV4TW9kZTo6T2ZmDABQUklOVEVSX05BTUUPAEdlbmVyaWMgUHJpbnRlcgsARFJJVkVSX05BTUUHAFNHRU5QUlQ= + 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 false 1000 1000 @@ -133,63 +133,63 @@ - - + + - + - + - - + + - - + + - + $ - + - $ - + - + : - + : : - + : - + @@ -403,7 +403,7 @@ - + @@ -462,93 +462,109 @@ - + + + + + + + + + + + + + + + + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -556,40 +572,47 @@ + + + . + + . + + - - + + - - - - - - - + + - - + + - - + + + + + + + - + - + 
@@ -597,434 +620,492 @@ - - + + - - + + - - + + - + - - + + - - + + - - + + - - + + + + + + + - - + + - - + + - - + + + + + + + - - + + - - + + - - + + - + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - + - + - - + + - + + + + + + - - + + - - + + - - + + - + - - + + - - + + + + + + + - - + + - - + + - + - - + + + + + + + - - + + - - + + - - - - - - - + + - - + + - - + + - - + + + + + + + - - + + - - + + - - + + - - + + - - + + - + - - + + - - - - + + + + - - + + + + + + + - - + + - - + + - - + + - + + + + + + - - + + + + + + + + + + + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - - - + + + + - - + + - - + + - - + + - + - - + + - - - - + + + + - - + + + + + + + - - + + - - + + + + + - - - - - - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - - - + + + + - - + + + + + + + - - + + - - + + - - + + + + + + + - - + + - - + + - + @@ -1032,65 +1113,65 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -1099,7 +1180,7 @@ - + @@ -1126,61 +1207,61 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -1192,46 +1273,52 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + + + + + + + @@ -1253,7 +1340,7 @@ ???(???) - 00/00/0000, 00:00:00 + 00.00.0000, 00:00:00 @@ -1287,23 +1374,23 @@ - - + + - - + + - + @@ -1369,8 +1456,7 @@ 6.1³ - - 7.1+¹ + 7.1+² 2+¹ @@ -1378,7 +1464,7 @@ 3.12+¹ - 5.0+² + 6.0+² 11.4³ @@ -1398,9 +1484,9 @@ 8.x¹ - 9.x¹ + 9.x+¹ - 11SP4+² + 11SP4+² 10u8+³ @@ -1410,17 +1496,16 @@ 11.4³ - - 14.04/16.04¹ + 16.04² - + 18.04¹ - + 20.04¹ - - 22.04¹ + + 22.04+¹ XP, 2003, 2008³ 
@@ -1431,19 +1516,19 @@ - OpenSSL + OpenSSL 1.0.2v-chevah2 (statically linked with stdlib “ssl”)1.0.2v-chevah2 (statically linked with cryptography) 1.0.2k (from AIX Web Download Pack Programs) - 1.0.2v-chevah5¹⁵ (statically linked with stdlib “ssl”)1.0.2v-chevah5¹⁵ (statically linked with cryptography) + 1.0.2v-chevah5¹⁵ (statically linked with stdlib “ssl”)1.0.2v-chevah5¹⁵ (statically linked with cryptography) - 1.1.1w (statically linked with stdlib “ssl”)1.1.1w (statically linked with cryptography) + 1.1.1w-chevah2 (statically linked with stdlib “ssl”)1.1.1w-chevah2 (statically linked with cryptography) - 1.1.1w (statically linked with stdlib “ssl”)1.1.1w (statically linked with cryptography) + 1.1.1w-chevah2 (statically linked with stdlib “ssl”)1.1.1w-chevah2 (statically linked with cryptography) - 1.1.1w (statically linked with stdlib “ssl”)1.1.1w (statically linked with cryptography) + 1.1.1w-chevah2 (statically linked with stdlib “ssl”)1.1.1w-chevah2 (statically linked with cryptography) 1.0.1u 
@@ -1454,17 +1539,17 @@ 1.0.2h - 1.1.1w (statically linked with stdlib “ssl”)1.1.1w (statically linked with cryptography) + 1.1.1w-chevah2 (statically linked with stdlib “ssl”)1.1.1w-chevah2 (statically linked with cryptography) - 1.1.1g (statically built for stdlib “ssl”)1.1.1g (bundled with upstream cryptography 2.9.1) + 1.1.1g (statically built for stdlib “ssl”)1.1.1g (bundled with upstream cryptography 2.9.1) - 1.1.1w (statically linked with stdlib “ssl”)1.1.1w (statically linked with cryptography) + 1.1.1w-chevah2 (statically linked with stdlib “ssl”)1.1.1w-chevah2 (statically linked with cryptography) - 1.1.1cFIPS /1.1.1k FIPS + 1.1.1cFIPS /1.1.1k FIPS - 1.1.1w (statically linked with stdlib “ssl”)1.1.1w (statically linked with cryptography) + 1.1.1w-chevah2 (statically linked with stdlib “ssl”)1.1.1w-chevah2 (statically linked with cryptography) - 1.1.1w (statically linked with stdlib “ssl”)1.1.1w (statically linked with cryptography) + 1.1.1w-chevah2 (statically linked with stdlib “ssl”)1.1.1w-chevah2 (statically linked with cryptography) 1.0.2n (from upstream Oracle patches) @@ -1476,7 +1561,7 @@ 1.0.2o - 1.1.1w (statically linked with stdlib “ssl”)1.1.1w (statically linked with cryptography) + 1.1.1w-chevah2 (statically linked with stdlib “ssl”)1.1.1w-chevah2 (statically linked with cryptography) 1.1.0g 
@@ -1484,73 +1569,73 @@ 1.1.1f - 1.1.1w (statically linked with stdlib “ssl”)1.1.1w (statically linked with cryptography) + 1.1.1w-chevah2 (statically linked with stdlib “ssl”)1.1.1w-chevah2 (statically linked with cryptography) 1.0.2t (bundled with upstream Python 2.7.18)1.1.1g (bundled with upstream cryptography 2.9.1) - 1.0.2t⁹ (bundled with upstream Python 2.7.18)1.1.1w (built from upstream sources for cryptography) + 1.0.2t⁹ (bundled with upstream Python 2.7.18)1.1.1w-chevah2 (built from upstream sources for cryptography) - + Python - + 2.7.18+patches 2.7.18¹¹ - + 2.7.18+patches - + 2.7.18+patches 2.7.18¹¹ - + 2.7.18+patches - + 2.7.18+patches 2.7.18¹¹ - + 2.7.18+patches - + 2.7.18+patches - + 2.7.18+patches - + 2.7.18+patches 2.7.8 2.7.18¹¹ - + 2.7.18+patches - + 2.7.18+patches - + 2.7.18+patches - + 2.7.18+patches - + 2.7.18+patches 2.7.18¹¹ - 2.7.18¹³ + 2.7.18¹³ @@ -1559,60 +1644,54 @@ SQLite - 3.34.1 + 3.46.0 3.34.1 - 3.43.1 + 3.46.0 - 3.43.1 + 3.46.0 3.30.1 - - 3.34.1 - - - 3.43.1 + + 3.46.0 3.30.1 - 3.43.1 + 3.46.0 - 3.43.1 + 3.46.0 - - 3.43.1 - - - 3.34.1 + + 3.46.0 3.30.1 - 3.34.1 + 3.46.0 - 3.43.1 + 3.46.0 - 3.43.1 + 3.46.0 - 3.30.1 (we overwrite version from upstream Python at build time) + 3.30.1 (we overwrite version from upstream Python at build time) - 3.43.1 (we overwrite version from upstream Python at build time) + 3.46.0 (we overwrite version from upstream Python at build time) - + Expat @@ -1668,7 +1747,7 @@ - + zlib @@ -1678,14 +1757,14 @@ p/o - - 1.3 + + 1.3.1 - - p/o + + 1.3.1 - - 1.3 + + 1.3.1 p/o @@ -1696,20 +1775,20 @@ 1.2.12 - - 1.3 + + 1.3.1 p/o - - 1.3 + + 1.3.1 p/o - - 1.3 + + 1.3.1 p/o @@ -1720,18 +1799,18 @@ p/o - - 1.3 + + 1.3.1 p/o - - 1.3 + + 1.3.1 - 1.2.11 (bundled with Python) + 1.2.11 (bundled with Python) - 1.2.11 (bundled with Python) + 1.2.11 (bundled with Python) @@ -1804,7 +1883,7 @@ 1.0.6 (bundled with Python) - 1.0.6 (bundled with Python) + 1.0.6 (bundled with Python) 
@@ -1812,23 +1891,23 @@ libffi - - 3.4.4 + + 3.4.6 3.4.2 - - 3.4.4 + + 3.4.6 - - p/o + + 3.4.6 - - 3.4.4 + + 3.4.6 - - 3.4.4 + + 3.4.6 3.4.2 @@ -1845,17 +1924,17 @@ p/o - - 3.4.4 + + 3.4.6 p/o - - 3.4.4 + + 3.4.6 - - 3.4.4 + + 3.4.6 n/a @@ -1869,14 +1948,14 @@ 3.4.2 - - p/o + + 3.4.6 p/o - - p/o + + 3.4.6 n/a @@ -2024,7 +2103,7 @@ - + pip @@ -2049,7 +2128,7 @@ 20.3.4chevah1 - 20.3.4¹⁴ + 20.3.4¹⁴ 20.3.4chevah1 @@ -2093,7 +2172,7 @@ - + setuptools @@ -2101,13 +2180,13 @@ 44.1.1¹⁷ - 44.1.1¹⁷ + 44.1.1¹⁷ - 44.1.1¹⁷ + 44.1.1¹⁷ - 44.1.1¹⁷ + 44.1.1¹⁷ - 44.1.1¹⁷ + 44.1.1¹⁷ 44.1.1¹⁷ @@ -2115,17 +2194,17 @@ 44.1.1¹⁷ - 44.1.1¹⁷ + 44.1.1¹⁷ 44.1.1¹⁷ - 44.1.1¹⁷ + 44.1.1¹⁷ - 44.1.1¹⁷ + 44.1.1¹⁷ - 44.1.1¹⁷ + 44.1.1¹⁷ - 44.1.1¹⁷ + 44.1.1¹⁷ 41.6.0¹⁷ @@ -2133,19 +2212,19 @@ 41.6.0¹⁷ - 44.1.1¹⁷ + 44.1.1¹⁷ - 44.1.1¹⁷ + 44.1.1¹⁷ - 44.1.1¹⁷ + 44.1.1¹⁷ - 44.1.1¹⁷ + 44.1.1¹⁷ - 44.1.1¹⁷ + 44.1.1¹⁷ 44.1.1¹⁷ - 44.1.1¹⁷ + 44.1.1¹⁷ @@ -2283,32 +2362,27 @@ 2.9.2¹² - 3.2.1¹⁶ - - 3.3.2¹⁶ + + 3.2.1+patches - 3.3.2¹⁶ - - 3.3.2¹⁶ + + 3.3.2+patches¹⁶ 2.9.2¹² - 3.3.2¹⁶ + + 3.3.2+patches¹⁶ n/a - 3.3.2¹⁶ - - 2.9.2¹² (wheel includes OpenSSL) - - 3.3.2¹⁶ + + 3.3.2+patches¹⁶ - 3.3.2¹⁶ + 2.9.2¹² (wheel includes OpenSSL) - 3.3.2¹⁶ - - 3.3.2¹⁶ + + 3.3.2+patches¹⁶ n/a @@ -2318,17 +2392,13 @@ 3.2.1¹² - 3.3.2¹⁶ - - 3.3.2¹⁶ - - 3.3.2¹⁶ + + 3.3.2+patches¹⁶ - 3.3.2¹⁶ + 2.9.2¹² (wheel includes OpenSSL) - 2.9.2¹² (wheel includes OpenSSL) - - 3.3.2¹⁶ + + 3.3.2+patches¹⁶ @@ -2702,13 +2772,13 @@ n/a - 2.6 + 2,6 n/a - 2.6 + 2,6 n/a @@ -2717,7 +2787,7 @@ n/a - 2.6 + 2,6 n/a @@ -2732,7 +2802,7 @@ n/a - 2.6 + 2,6 n/a @@ -2750,14 +2820,14 @@ n/a - 2.6 + 2,6 n/a - + pyOpenSSL @@ -2785,7 +2855,7 @@ 21.0.0 - 0.13.1 + 0.13.1 21.0.0 @@ -2805,7 +2875,7 @@ 21.0.0 - 0.13.1 + 0.13.1 0.13.1 @@ -2911,16 +2981,16 @@ 5.6.5 - 5.9.5 + 6.0.0 - 5.9.5 + 5.9.6 - 5.9.5 + 6.0.0 - 5.9.5 + 5.9.6 n/a @@ -2932,22 +3002,22 @@ n/a - 5.9.5 + 6.0.0 5.6.5 - 5.9.5 + 5.9.6 - 5.9.5 + 6.0.0 - 5.9.5 + 5.9.6 - 5.9.5 + 5.9.6 n/a 
@@ -2956,22 +3026,22 @@ n/a - 5.9.2 + 6.0.0 - 5.9.5 + 5.9.6 - 5.9.5 + 6.0.0 - 5.9.5 + 5.9.6 n/a - 5.9.5 + 6.0.0 @@ -3200,7 +3270,8 @@ 0. Dependencies above are listed as per the current build process, not necessarily for the latest released versions of python-package. - + + @@ -3214,10 +3285,11 @@ 1. Tier 1 platforms, fully supported and tested - + + - + Colour codes: @@ -3229,10 +3301,11 @@ 2. Tier 2 platforms, partially supported, still built - + + - + LIGHT GREY: Tier 3 platforms and their problematic dependencies @@ -3242,10 +3315,11 @@ 3. Tier 3 platforms, supported at some point, not built any more - + + - + GREEN: no known vulnerabilities for Tier 1 platforms @@ -3255,10 +3329,11 @@ 4. https://www.cvedetails.com/vulnerability-list/vendor_id-10210/product_id-18230/version_id-92056/Python-Python-2.7.html - + + - + BLUE: possible vulnerabilities found upstream, but no released version has them yet @@ -3268,23 +3343,25 @@ 5. https://github.com/libexpat/libexpat/blob/master/expat/Changes - + + - + ORANGE: minor vulnerabilities found - + 6. Unless specified otherwise, OpenSSL libs are linked against dynamically - + + - + RED: major vulnerabilities found @@ -3294,10 +3371,11 @@ 7. pyOpenSSL 0.14 and newer is a major rewrite, so it's not clear to what extent their vulnerabilities do apply - + + - + MAGENTA: vulnerability status could not be established 
@@ -3306,92 +3384,102 @@ 8. https://cve.report/CVE-2018-25032 and https://cve.report/CVE-2022-37434 - + + - + DEFAULT COLOUR: maintained upstream or not applicable - 9. https://www.openssl.org/news/openssl-1.0.2-notes.html + 9. https://www.openssl.org/news/openssl-1.0.2-notes.html - + + - 10. https://www.openssl.org/news/openssl-1.1.1-notes.html + 10. https://www.openssl.org/news/openssl-1.1.1-notes.html - + + - 11. https://github.com/ActiveState/cpython/tags + 11. https://github.com/ActiveState/cpython/tags - + + - + 12. https://cryptography.io/en/latest/changelog.html - + + - 13. On Windows, the upstream Python 2.7.18 packages are hot patched for all known issues except CVE-2021-3177 and CVE-2020-10735 + 13. On Windows, the upstream Python 2.7.18 packages are not patched for CVE-2020-10735, CVE-2021-3177, CVE-2022-48560, CVE-2022-48566, CVE-2023-40217, CVE-2024-0397. - + + - + 14. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3572 - + + - + 15. Corresponds to upstream OpenSSL version 1.0.2zg from 07 Feb 2023. - + + - - 16. Both cryptography 3.2.1 and version 3.3.2 have been patched for CVE-2023-23931, but not for CVE-2023-38325. + + 16. Both cryptography 3.2.1 and version 3.3.2+patches have been patched for CVE-2023-23931 and CVE-2023-49083, but not for CVE-2023-38325. Other issues might be present. - + + - - 17. Versions older than 65.5.1 are vulnerable to CVE-2022-40897. + + 17. Vulnerable to CVE-2022-40897, CVE-2024-6345. - + +