| Summary: | python new security issues CVE-2021-4189 and CVE-2022-0391 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | Python Stack Maintainers <python> |
| Status: | RESOLVED OLD | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | mageia, nicolas.salguero |
| Version: | 8 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | python-2.7.18-7.3.mga8.src.rpm | CVE: | |
| Status comment: | |||
| Bug Depends on: | 30572, 31000 | ||
| Bug Blocks: | |||
|
Description
David Walser
2022-02-13 18:37:39 CET
David Walser
2022-02-13 18:37:52 CET
Whiteboard:
(none) =>
MGA8TOO Assigning as the SRPM suggests. Assignee:
bugsquad =>
python Fedora has issued an advisory on February 24: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/ It fixes a new CVE (fixed in python3 in Bug 29288). Status comment:
Patch available from Debian =>
Patches available from Fedora and Debian openSUSE has issued an advisory for this on April 1: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ULIK4RFHGHTVVWROQ6NTBBB4JWOGWYD6/ Hopefully we don't also have a bundled pip, otherwise CVE-2021-3572 would also be an issue. patches just pushed in cauldron Version:
Cauldron =>
8 fixed in mga8
src:
- python-2.7.18-7.4.mga8Status comment:
Patches available from Fedora and Debian =>
(none) Build failure: http://pkgsubmit.mageia.org/uploads/failure/8/core/updates_testing/20220905223847.neoclust.duvel.3686377/log/python-2.7.18-7.4.mga8/build.armv7hl.0.20220905225559.log Assignee:
qa-bugs =>
python
Jani Välimaa
2022-10-04 10:05:57 CEST
Depends on:
(none) =>
30572
David Walser
2023-05-18 17:58:16 CEST
Depends on:
(none) =>
31000 Mageia 8 EOL CC:
(none) =>
nicolas.salguero |