Bug 29969

Summary:	ipython new security issue CVE-2022-21699
Product:	Mageia	Reporter:	David Walser <luigiwalser>
Component:	Security	Assignee:	QA Team <qa-bugs>
Status:	RESOLVED FIXED	QA Contact:	Sec team <security>
Severity:	major
Priority:	Normal	CC:	andrewsfarm, davidwhodgins, herman.viaene, sysadmin-bugs, yvesbrungard
Version:	8	Keywords:	advisory, validated_update
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:	MGA8-64-OK
Source RPM:	ipython-7.22.0-1.mga9.src.rpm	CVE:
Status comment:
Bug Depends on:
Bug Blocks:	29994

Description David Walser 2022-01-30 19:03:41 CET

Debian-LTS has issued an advisory on January 24:
https://www.debian.org/lts/security/2022/dla-2896

The issue is fixed upstream in 7.31.1.

Mageia 8 is also affected.

David Walser 2022-01-30 19:03:56 CET

Status comment: (none) => Fixed upstream in 7.31.1
Whiteboard: (none) => MGA8TOO

Comment 1 David Walser 2022-02-02 19:14:26 CET

Debian has issued an advisory for this on January 31:
https://www.debian.org/security/2022/dsa-5065

Comment 2 David Walser 2022-02-13 18:45:04 CET

Fedora has issued advisories for this on February 12:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/

Comment 3 Thomas Backlund 2022-02-18 00:45:14 CET

7.31.1 pushed to cauldron

Version: Cauldron => 8

Thomas Backlund 2022-02-18 00:45:21 CET

Whiteboard: MGA8TOO => (none)

Comment 4 David Walser 2022-07-08 21:27:07 CEST

openSUSE has issued an advisory for this today (July 8):
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NTGOGG2ZEI7KLN4MVBRDQQ4FSIXPEKNL/

Comment 5 papoteur 2023-02-18 21:40:34 CET

Updated:
ipython-doc-7.31.1-1.mga8.noarch.rpm
ipython-7.31.1-1.mga8.noarch.rpm

Source
ipython-7.31.1-1.mga8.src.rpm

Status comment: Fixed upstream in 7.31.1 => (none)
CC: (none) => yves.brungard_mageia
Assignee: python => qa-bugs

Comment 6 Herman Viaene 2023-02-23 10:56:35 CET

MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Tried tests as in bug 16686, but sites indicated there just draw the Error 404,
so found https://ipython.readthedocs.io/en/stable/interactive/tutorial.html and just  tried the simpliest examples.
$ ipython3
Python 3.8.14 (default, Oct  4 2022, 06:27:18) 
Type 'copyright', 'credits' or 'license' for more information
IPython 7.31.1 -- An enhanced Interactive Python. Type '?' for help.

In [1]: print('Hello IPython')                                                                                            
Hello IPython

In [2]: 25 * 5                                                                                                            
Out[2]: 125

In [3]: quit                                                                                                              

$ ipython
Python 3.8.14 (default, Oct  4 2022, 06:27:18) 
Type 'copyright', 'credits' or 'license' for more information
IPython 7.31.1 -- An enhanced Interactive Python. Type '?' for help.

In [1]: print('Hello IPython')                                                                                            
Hello IPython

In [2]: 25 * 5                                                                                                            
Out[2]: 125

In [3]: quit         

So it works at least basically.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 7 Thomas Andrews 2023-02-23 23:54:11 CET

Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

David GEIGER 2023-02-24 04:23:30 CET

Blocks: (none) => 29994

Dave Hodgins 2023-02-25 19:55:42 CET

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 8 Mageia Robot 2023-02-27 21:28:46 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0058.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED