From 3c7bf58211e1ddbf97911ee3fce78f962b8518cd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?=
Date: Fri, 4 Jan 2019 21:52:43 +0200
Subject: [PATCH 1/2] Upgrade PyYAML CVE-2017-18342 Vulnerable versions: < 4.2b1 Patched version: 4.2b1 In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.
---
 core/admin/requirements-prod.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/admin/requirements-prod.txt b/core/admin/requirements-prod.txt
index a538c023..5f59bb9a 100644
--- a/core/admin/requirements-prod.txt
+++ b/core/admin/requirements-prod.txt
@@ -34,7 +34,7 @@ pyOpenSSL==18.0.0
 python-dateutil==2.7.5
 python-editor==1.0.3
 pytz==2018.7
-PyYAML==3.13
+PyYAML==4.2b1
 redis==3.0.1
 six==1.11.0
 SQLAlchemy==1.2.13
From 284d54190ae0678aa67e942299237eeed3e35aae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?=
Date: Sun, 6 Jan 2019 14:40:29 +0200
Subject: [PATCH 2/2] Upgrade PyYAML to 4.2b4
---
 core/admin/requirements-prod.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/admin/requirements-prod.txt b/core/admin/requirements-prod.txt
index 5f59bb9a..3679b63f 100644
--- a/core/admin/requirements-prod.txt
+++ b/core/admin/requirements-prod.txt
@@ -34,7 +34,7 @@ pyOpenSSL==18.0.0
 python-dateutil==2.7.5
 python-editor==1.0.3
 pytz==2018.7
-PyYAML==4.2b1
+PyYAML==4.2b4
 redis==3.0.1
 six==1.11.0
 SQLAlchemy==1.2.13