| Summary: | pycharm-community new security issue CVE-2019-14958 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Kristoffer Grundström <lovaren> |
| Component: | Security | Assignee: | Stig-Ørjan Smelror <smelror> |
| Status: | RESOLVED OLD | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | lovaren, mageia, zombie_ryushu |
| Version: | 7 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://nvd.nist.gov/vuln/detail/CVE-2019-14958 | ||
| See Also: | https://bugs.mageia.org/show_bug.cgi?id=23645 | ||
| Whiteboard: | |||
| Source RPM: | pycharm-community-2019.1.1-2.mga7.src.rpm | CVE: | CVE-2019-14958 |
| Status comment: | Fixed upstream in 2019.2, needs to be built from source rather than shipping pre-built binaries | ||
| Attachments: | New spec file for pycharm-community; Here's the whole building procedure and the warnings/errors; Build log for 2020.3 | ||
Description
Kristoffer Grundström
2020-02-29 01:16:58 CET
Created attachment 11525
Here's the whole building procedure and the warnings/errors
The plugin versions need to be updated as well. When it comes to Revision in the changelog and Build ID numbers I didn't know what to type.

Here's what's new in this version: Interactive widgets for Jupyter notebooks, MongoDB support, and code assistance for all Python 3.8 features are here.

Thank you for notifying the more recent package (2019.3.3); and for all your preparatory work.

I am not sure how this stands with our 'version' policy:
https://wiki.mageia.org/en/Updates_policy#Version_Policy
We do provide new versions per se as updates if they are backward compatible and do not introduce any compatibility problems; more importantly, if they incorporate bug fixes. Up to the packager to decide whether to do this at all (but why not?); and as an update to our latest version, or a backport.

https://www.jetbrains.com/pycharm/whatsnew/
Please note that features marked PRO ONLY are supported only in PyCharm Professional Edition [that is, *not* this community one]:
Jupyter PRO ONLY
Database Support PRO ONLY
Web development PRO ONLY
which does not deride the many 'community' improvements noted there; and presumably others accumulated since our version 2019.1.1. I found no mention of bug fixes, but there must be some!

Assigning to Stig as the active maintainer. Please re-assign if this displeases.

Assignee: bugsquad => smelror

JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation.

CVE: (none) => CVE-2019-14958
Zombie Ryushu
2020-12-19 19:35:35 CET
URL: (none) => https://nvd.nist.gov/vuln/detail/CVE-2019-14958

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14958

Severity: normal => major
David Walser
2020-12-28 18:31:27 CET
Status comment: (none) => Fixed upstream in 2019.2, needs to be built from source rather than shipping pre-built binaries

https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/

Resolution: (none) => OLD