Bug 23542

Summary: python-pycryptodomex new security issue CVE-2018-15560
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Python Stack Maintainers <python>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: geiger.david68210, guillomovitch, marja11
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: python-pycryptodomex-3.6.4-2.mga7.src.rpm CVE:
Status comment:

Description David Walser 2018-09-07 19:41:33 CEST 
Fedora has issued an advisory today (September 7):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6F3KETKIU2JFORRESD4J7D2SWIC2TKHE/

The issue is fixed upstream in 3.6.6.

Mageia 5 and Mageia 6 are also affected.
David Walser 2018-09-07 19:41:40 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 Marja Van Waes 2018-09-08 13:29:26 CEST 
Assigning to the python maintainer group, CC'ing the registered maintainer.

CC: (none) => guillomovitch, marja11
Assignee: bugsquad => python

Comment 2 David GEIGER 2018-09-12 08:21:11 CEST 
Fixed for Cauldron!

But I don't see this package on mga6 repo.

CC: (none) => geiger.david68210

Comment 3 David Walser 2018-09-12 21:34:44 CEST 
Oh, it looks like it's actually python-pycryptodomex that needs fixed (see the x)

I guess it's not in older versions.  Not sure what I was looking at.

Summary: python-pycryptodome new security issue CVE-2018-15560 => python-pycryptodomex new security issue CVE-2018-15560
Whiteboard: MGA6TOO => (none)
Source RPM: python-pycryptodome-3.6.4-2.mga7.src.rpm => python-pycryptodomex-3.6.4-2.mga7.src.rpm

Comment 4 David Walser 2018-09-12 22:37:37 CEST 
Both packages have been updated to 3.6.6 by David.  Thanks David!

Status: NEW => RESOLVED
Resolution: (none) => FIXED