| Summary: | python-jinja2 new security issue CVE-2020-28493 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, geiger.david68210, herman.viaene, ouaurelien, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA7TOO MGA7-64-OK MGA8-64-OK | | |
| Source RPM: | python-jinja2-2.11.2-2.mga8.src.rpm | CVE: | CVE-2020-28493 |
| Status comment: | | | |

Description
David Walser 2021-02-26 22:42:24 CET

David Walser 2021-02-26 22:42:42 CET
Status comment: (none) => Fixed upstream in 2.11.3

Another one for you, David, as you did the last several version upgrades.
Assignee: bugsquad => geiger.david68210

Done for cauldron, mga8 and mga7!

Package list:
python2-jinja2-2.11.3-1.mga7
python3-jinja2-2.11.3-1.mga7
python3-jinja2-2.11.3-1.mga8

from SRPMS:
python-jinja2-2.11.3-1.mga7.src.rpm
python-jinja2-2.11.3-1.mga8.src.rpm
Status comment: Fixed upstream in 2.11.3 => (none)

Newer SUSE advisory from February 26:
https://lists.suse.com/pipermail/sle-security-updates/2021-February/008398.html

Nothing from openSUSE yet, but probably will be soon.

Advisory:
========================

Updated python-jinja2 packages fix security vulnerability:

ReDOS vulnerability where urlize could have been called with untrusted user data (CVE-2020-28493).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28493
https://lists.suse.com/pipermail/sle-security-updates/2021-February/008398.html

MGA7-64 MATE on PeaqC1011
No installation issues.
This seems developer's stuff. Propose to OK on clean install.
CC: (none) => herman.viaene

Sorry, I didn't notice the procedure on bug 12265

    $ python test.py
    Hello. If you see this with no errors then it worked :)
    $ python3 test.py
      File "test.py", line 4
        print output
        ^
    SyntaxError: Missing parentheses in call to 'print'. Did you mean print(output)?

I changed the test.py to the suggestion and then

    $ python3 test.py
    Hello. If you see this with no errors then it worked :)

and the first test on python works as well, so OK
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK

Tested in mga8 64-bit Plasma mga8 guest.

No installation issues.

Tried the test from Comment 7, with the same error. Corrected the file, ran again, this time successfully.

OK for mga8. Validating. Advisory in Comment 5.
Keywords: (none) => validated_update

Aurelien Oudelet 2021-04-12 15:51:52 CEST
CC: (none) => ouaurelien

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0178.html
Status: NEW => RESOLVED