
Vulnerable shared libraries might make skia-python vulnerable. Can you help upgrade to patch versions? #175

@andy201709

Description

Hi @kyamagu, @jljusten, I'd like to report a vulnerability issue in skia-python_87.4.

Dependency Graph between Python and Shared Libraries

[dependency graph image]

Issue Description

As shown in the above dependency graph, skia-python_87.4 directly or transitively depends on 4 C libraries (.so). However, I noticed that one C library is vulnerable, containing the following CVEs:

- libuuid-f64cda11.so.1.3.0 from the C project util-linux (version: 2.27.1) exposes 3 vulnerabilities: CVE-2018-7738, CVE-2021-37600, CVE-2016-5011

Suggested Vulnerability Patch Versions

util-linux has fixed the vulnerabilities in versions >=2.37.2

Python build tools cannot report vulnerable C libraries, which may introduce potential security issues into many downstream Python projects.
As a popular Python package (skia-python has 8,051 downloads per month), could you please upgrade the above shared libraries to their patched versions?

Thanks for your help~
Best regards,
Andy
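The kind of inventory the report relies on, as an added example written for this page and not code from skia-python or from the reporter: list the native libraries a manylinux wheel vendors, map each to its upstream C project, and flag advisories against the upstream version that was actually built in. It assumes auditwheel's naming convention for vendored libraries (`<name>-<8 hex chars>.so[.version]` under `<pkg>.libs/`), a hand-maintained `UPSTREAM_PROJECT` mapping, and that the upstream version is supplied separately, because it is not recoverable from the file name. The wheel contents and the advisory list are constructed inline; the fixed version in the advisories is the one stated in the report above.

```python
"""Inventory the shared libraries bundled inside a Python wheel.

Added example (not part of the skia-python project). pip and the wheel
metadata do not list vendored .so files or their upstream versions, so this
script reads the archive directly and demangles auditwheel-style names.
"""
import io
import re
import zipfile
from typing import Dict, List, NamedTuple, Optional, Tuple

# Assumed mapping from bare library name to upstream C project.
# Extend it for the libraries that appear in your own dependency graph.
UPSTREAM_PROJECT: Dict[str, str] = {
    "libuuid": "util-linux",
    "libpng16": "libpng",
    "libfreetype": "freetype",
    "libfontconfig": "fontconfig",
}

# auditwheel renames vendored libraries to <name>-<8 hex chars>.so[.major[.minor[.patch]]]
MANGLED_SO = re.compile(
    r"^(?P<name>lib[A-Za-z0-9_+.]+?)-(?P<tag>[0-9a-f]{8})\.so(?P<ver>(?:\.\d+)*)$"
)


class BundledLib(NamedTuple):
    path: str      # archive member path inside the wheel
    name: str      # bare library name, e.g. libuuid
    soname: str    # name with the hash tag stripped, e.g. libuuid.so.1.3.0
    upstream: str  # upstream C project, or "unknown" if not in the mapping


class Advisory(NamedTuple):
    project: str
    cve: str
    fixed_in: str


def demangle(basename: str) -> Optional[Tuple[str, str]]:
    """Return (name, soname) for an auditwheel-mangled file name, else None."""
    m = MANGLED_SO.match(basename)
    if m is None:
        return None
    name = m.group("name")
    return name, f"{name}.so{m.group('ver')}"


def list_bundled_libs(wheel_bytes: bytes) -> List[BundledLib]:
    """Walk the wheel (a zip file) and collect every vendored shared library."""
    found: List[BundledLib] = []
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for member in zf.namelist():
            parsed = demangle(member.rsplit("/", 1)[-1])
            if parsed is None:
                continue  # extension modules and pure-Python files carry no hash tag
            name, soname = parsed
            found.append(BundledLib(member, name, soname, UPSTREAM_PROJECT.get(name, "unknown")))
    return sorted(found)


def version_key(version: str) -> Tuple[int, ...]:
    """Numeric components of a version string, so '2.37.2' compares above '2.27.1'."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def affected_advisories(libs: List[BundledLib], project_versions: Dict[str, str],
                        advisories: List[Advisory]) -> List[Tuple[str, str]]:
    """Pair each bundled library with advisories its upstream version predates.

    project_versions maps upstream project -> version that was built into the
    wheel; that figure comes from the build image or auditwheel log, not the file.
    """
    hits: List[Tuple[str, str]] = []
    for lib in libs:
        built = project_versions.get(lib.upstream)
        if built is None:
            continue
        for adv in advisories:
            if adv.project == lib.upstream and version_key(built) < version_key(adv.fixed_in):
                hits.append((lib.soname, adv.cve))
    return hits


def build_sample_wheel() -> bytes:
    """Constructed stand-in for a manylinux wheel; the .so members are empty."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("skia/__init__.py", "")
        zf.writestr("skia/skia.cpython-38-x86_64-linux-gnu.so", b"")
        zf.writestr("skia.libs/libuuid-f64cda11.so.1.3.0", b"")
        zf.writestr("skia.libs/libfontconfig-1a2b3c4d.so.1.12.0", b"")
        zf.writestr("skia.libs/libsomething-0badf00d.so", b"")
        zf.writestr("skia_python-87.4.dist-info/RECORD", "")
    return buf.getvalue()


# Advisory data as stated in the report above (fixed in util-linux >= 2.37.2).
SAMPLE_ADVISORIES = [
    Advisory("util-linux", "CVE-2018-7738", "2.37.2"),
    Advisory("util-linux", "CVE-2021-37600", "2.37.2"),
    Advisory("util-linux", "CVE-2016-5011", "2.37.2"),
]

if __name__ == "__main__":
    libs = list_bundled_libs(build_sample_wheel())
    for lib in libs:
        print(f"{lib.path}: {lib.soname} (upstream: {lib.upstream})")
    for soname, cve in affected_advisories(libs, {"util-linux": "2.27.1"}, SAMPLE_ADVISORIES):
        print(f"{soname} predates the fix for {cve}")
```

Matching on the upstream project name is a coarse filter: an advisory against util-linux may concern a component other than libuuid, so each hit still needs the advisory's affected component checked against the code that is actually linked into the wheel before it is treated as exploitable.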

Labels: enhancement (New feature or request)