From 1f203810731c41bdaf75003b9218a079709aea13 Mon Sep 17 00:00:00 2001
From: Ellis Clayton <ellis@ellis.codes>
Date: Thu, 12 Oct 2023 10:46:30 +1100
Subject: [PATCH] Ignore CVE-2023-24329
We don't use Python. At least not directly. But assuming we do use Python unexpectedtly, the nature of the Docs site is such that we aren't attempting to parse URLs supplied by end-users anywhere. Therefore the likelihood of a malicious string to urllib.parse is extremely low.
---
 .buildkite/pipeline.deploy.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.buildkite/pipeline.deploy.yml b/.buildkite/pipeline.deploy.yml
index 62720dccea..63d78f4cf8 100644
--- a/.buildkite/pipeline.deploy.yml
+++ b/.buildkite/pipeline.deploy.yml
@@ -32,6 +32,7 @@ steps:
 - CVE-2023-35827 # linux 6.1.55-1
 - CVE-2023-2953 # openldap 2.5.13+dfsg-5
 - CVE-2023-31484 # perl 5.36.0-7
+ - CVE-2023-24329 # python3.11 3.11.2-6
 # If the current user is part of the deploy team, then wait for everything to
 # finish before deploying
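Review bot: The added entry `- CVE-2023-24329 # python3.11 3.11.2-6` records only the package version, so the risk-acceptance reasoning (no end-user URLs reach urllib.parse) lives solely in the commit message and will not be visible to whoever next audits this ignore list. I would carry the rationale and a removal condition on the line itself, e.g. `- CVE-2023-24329 # python3.11 3.11.2-6; urllib.parse only, no user-supplied URLs parsed; remove once the base image ships a fixed python3.11`. The entry appears to be keyed on the CVE id alone, so it presumably keeps suppressing the finding after the image or its Python usage changes; a dated review note would help it get revisited rather than linger. The list and the step that consumes it begin above the hunk, so how the scanner scopes these ids should be confirmed there.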