My GCE is interpreting version numbers poorly. It is identifying an installed Python version of 2.7.150, and is suggesting I upgrade to 2.7.15 per CVE-2018-1000030. Similar issue regarding CVE-2014-1912, where it is suggesting I upgrade from 2.7.150 to at least 2.7.7.
Thanks for the report. We will look into it and let you know of any updates regarding this issue.
Can you provide more details, like which version you have installed?
When we install 2.7.15, the version in the registry appears like 2.7.15150 and the VT is checking the vulnerable range 2.7.0-2.7.15149.
Registry shows an installed Python version of 2.7.150. In our situation, Python is bundled with another software, whose suppliers say it is not a vulnerable version. So, maybe they are wrong and it is vulnerable. I don’t understand the appended 150 on the end of the version number. From my uneducated perspective, it looked as though it was saying version 2.7.150 is less than 2.7.15. What it is really saying is version 2.7(.150) is less than 2.7.15(150).
I will push back on the other vendor. Thank you for your time.
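
The comparison worked out in this thread, as an added example that is not part of the original posts and is not the VT's own code. It assumes, from the two values quoted above (2.7.150 and 2.7.15150), that the registry's third component is the Python micro version followed by a three-digit suffix; the function names are hypothetical.

```python
import re

SUFFIX_LEN = 3  # assumption from the thread: "150" is appended to the micro version


def split_registry_version(reg):
    """Split a registry version such as '2.7.15150' into ((2, 7, 15), '150')."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", reg)
    if not m or len(m.group(3)) < SUFFIX_LEN:
        raise ValueError("unexpected registry version format: %r" % reg)
    third = m.group(3)
    micro_digits = third[:-SUFFIX_LEN]
    # '150' alone leaves no micro digits, which reads as micro version 0
    micro = int(micro_digits) if micro_digits else 0
    return (int(m.group(1)), int(m.group(2)), micro), third[-SUFFIX_LEN:]


def as_tuple(version):
    """Turn '2.7.15149' into (2, 7, 15149) so components compare numerically."""
    return tuple(int(part) for part in version.split("."))


def in_range(reg, low, high):
    """Compare registry-format versions component by component, as integers."""
    return as_tuple(low) <= as_tuple(reg) <= as_tuple(high)


def explain(reg, low="2.7.0", high="2.7.15149"):
    """Return (decoded upstream version, True if inside the checked range)."""
    upstream, _suffix = split_registry_version(reg)
    return ".".join(str(n) for n in upstream), in_range(reg, low, high)


if __name__ == "__main__":
    # Registry values quoted in the thread; the range is the one the VT checks.
    for reg in ("2.7.150", "2.7.15150"):
        upstream, flagged = explain(reg)
        print("%-10s -> Python %-7s in 2.7.0-2.7.15149: %s" % (reg, upstream, flagged))
    # Reading the registry string as if it were the upstream version is what
    # makes the report look wrong: 150 > 15, yet the scanner says "upgrade".
    print("misread:", as_tuple("2.7.150") > as_tuple("2.7.15"))
```
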