| Summary: | python, python3 new security issue CVE-2015-20107 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, jani.valimaa, sysadmin-bugs, tarazed25 |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | python-2.7.18-7.3.mga8, python3-3.8.12-1.mga8 | CVE: | |
| Status comment: | |||
| Bug Depends on: | 30848 | ||
| Bug Blocks: | 30043 | ||
| Attachments: | Eratosthenes Sieve for python2 | ||
|
Description
David Walser
2022-06-20 19:46:41 CEST
David Walser
2022-06-20 19:46:58 CEST
Status comment: (none) => Patches available from Fedora

Ubuntu has issued an advisory for this today (July 14):
https://ubuntu.com/security/notices/USN-5519-1
David Walser
2022-09-14 00:07:08 CEST
Depends on: (none) => 30848

Python3 fixed in cauldron with python3-3.10.6-1.mga9.
https://svnweb.mageia.org/packages?view=revision&revision=1876729

Python fixed in cauldron with python-2.7.18-13.mga9.
https://svnweb.mageia.org/packages?view=revision&revision=1894587

Source RPM: python-2.7.18-11.mga9.src.rpm, python3-3.10.5-1.mga9.src.rpm => python-2.7.18-7.3.mga8, python3-3.8.12-1.mga8

Pushed python-2.7.18-7.4.mga8 including fixes from bug 30043 and python3-3.8.14-1.1.mga8 to mga8 core/updates_testing. Python3 update is handled in bug 30848.

SRPMS:
python-2.7.18-7.4.mga8

RPMS:
lib(64)python2.7-2.7.18-7.4.mga8
lib(64)python2.7-stdlib-2.7.18-7.4.mga8
lib(64)python2.7-testsuite-2.7.18-7.4.mga8
lib(64)python-devel-2.7.18-7.4.mga8
python-2.7.18-7.4.mga8
python-docs-2.7.18-7.4.mga8
tkinter-2.7.18-7.4.mga8
tkinter-apps-2.7.18-7.4.mga8

Blocks: (none) => 30043
David Walser
2022-10-04 13:18:25 CEST
Assignee: python => qa-bugs

Python 2.x is also vulnerable to CVE-2021-28861, we should fix that here too.

SUSE has issued an advisory for this on October 4:
https://lists.suse.com/pipermail/sle-security-updates/2022-October/012483.html

Keywords: (none) => feedback

(In reply to David Walser from comment #4)
> Python 2.x is also vulnerable to CVE-2021-28861, we should fix that here too.
>
> SUSE has issued an advisory for this on October 4:
> https://lists.suse.com/pipermail/sle-security-updates/2022-October/012483.html

Equivalent openSUSE advisory:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AOHEWJI4EPENRFNUSCXL2KZG7QSBH2MJ/

Pushed python-2.7.18-7.5.mga8 to core/updates_testing including fixes from bug 30043 and fixes for CVE-2021-28861 from SUSE.

SRPMS:
python-2.7.18-7.5.mga8

RPMS:
lib(64)python2.7-2.7.18-7.5.mga8
lib(64)python2.7-stdlib-2.7.18-7.5.mga8
lib(64)python2.7-testsuite-2.7.18-7.5.mga8
lib(64)python-devel-2.7.18-7.5.mga8
python-2.7.18-7.5.mga8
python-docs-2.7.18-7.5.mga8
tkinter-2.7.18-7.5.mga8
tkinter-apps-2.7.18-7.5.mga8
David Walser
2022-10-09 12:27:38 CEST
Keywords: feedback => (none)

mga8, x64

Nothing much seems to depend on python 2.7.18 currently, just python itself and lsb. youtube-dl has presumably been converted to python 3.

$ file /usr/bin/youtube-dl
/usr/bin/youtube-dl: a /usr/bin/env python3 script executable (binary data)

Checked out a couple of learner scripts - they worked fine.
Updated using the list in comment 6. Clean installation.
The ttk script failed to find the tkinter package, possibly because it did not address it properly, but the simple functionality script worked fine.
Difficult to know just how to test this so these tests shall have to suffice. Leaving it without an OK in case somebody has a better idea.

CC: (none) => tarazed25

$ python2 try.py
ImportError: No module named Tkinter

try:
    import tkinter
except ImportError:
    import Tkinter
    tkinter = Tkinter
    del Tkinter
exit()

Did you install tkinter?

Created attachment 13417
Eratosthenes Sieve for python2

You are correct David - missed a step, drakrpm-update after qarepo. Getting too old and senile for this job. Just lost my reply as well.

Fixed that and now Eratosthenes Sieve works but there is still trouble with tkinter (which is definitely there now).
try.py now works - no exception raised. The module needs to be addressed as Tkinter but submodules like ttk cannot be found. This is a programming problem - I don't know python so cannot take it any further but would suggest that this should not hold up the update.
Len Lawrence
2022-10-10 09:15:49 CEST
Whiteboard: (none) => MGA8-64-OK

Validating.

Keywords: (none) => validated_update
Dave Hodgins
2022-10-13 20:53:34 CEST
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2022-0367.html

Status: NEW => RESOLVED |