Bug 26894

Summary: python3 new security issue CVE-2020-14422
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: David GEIGER <geiger.david68210>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: python3-3.7.6-1.mga7.src.rpm CVE:
Status comment:

Description David Walser 2020-07-02 23:24:32 CEST
SUSE has issued an advisory today (July 2):
https://lists.suse.com/pipermail/sle-security-updates/2020-July/007067.html

Mageia 7 is also affected.

David Walser 2020-07-02 23:25:00 CEST

Depends on: (none) => 26268
Whiteboard: (none) => MGA7TOO

Comment 1 David GEIGER 2020-07-03 07:59:17 CEST
Fixed on Cauldron!

CC: (none) => geiger.david68210

Comment 2 David Walser 2020-07-03 13:30:32 CEST
Fixed in python3-3.8.3-3.mga8.

Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
Source RPM: python3-3.8.3-2.mga8.src.rpm => python3-3.7.6-1.mga7.src.rpm

Comment 3 Lewis Smith 2020-07-05 21:07:46 CEST
Thanks yet again DavidG for the quick Cauldron fix.

On that basis, assigning to you for the M7 one. Also, you have done similar things for the SRPM previously.

Assignee: bugsquad => geiger.david68210

Lewis Smith 2020-07-05 21:08:29 CEST

CC: geiger.david68210 => (none)

Comment 4 David Walser 2020-07-07 22:52:21 CEST
openSUSE has issued an advisory for this today (July 7):
https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00006.html

Comment 5 David Walser 2020-07-21 17:09:51 CEST
Python 3.8.5 has been released today (July 21):
https://pythoninsider.blogspot.com/2020/07/python-385-released-as-security-hotfix.html

We'll get it updated in Cauldron, but we'll need to backport the security fixes:
CVE-2019-20907
CVE-2020-15801
BPO-39603
BPO-41288

Comment 6 David Walser 2020-07-29 22:55:29 CEST
Merging into Bug 26268.

*** This bug has been marked as a duplicate of bug 26268 ***

Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED
Depends on: 26268 => (none)