| Summary: | python-nltk new security issue CVE-2021-3828 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, herman.viaene, marja11, sysadmin-bugs, yvesbrungard |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA9-64-OK | | |
| Source RPM: | python-nltk-3.4.5-3.mga8.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser
2022-07-04 21:02:44 CEST

David Walser
2022-07-04 21:02:59 CEST
Status comment: (none) => Fixed upstream in 3.6.6

Submitted
python3-nltk-3.6.6-1.mga8.noarch
Source
python-nltk-3.6.6-1.mga8.src.rpm

This package adds a command: nltk
It is not claimed by any other package.

CC: (none) => yves.brungard_mageia

papoteur
2023-02-21 11:00:58 CET
Assignee: python => qa-bugs

Sorry, the following package cannot be selected:

- python3-nltk-3.6.6-1.mga8.noarch (due to unsatisfied python3.8dist(regex)[>= 2021.8.3])

CC: (none) => herman.viaene

David Walser
2023-02-21 14:27:39 CET
Keywords: (none) => feedback

Just tried to update this in VirtualBox, and there has been no change. I get the same error message.

CC: (none) => andrewsfarm

Sorry, I missed this.
An update is building:
python3-regex-2022.9.13-1.mga8
Source: python-regex-2022.9.13-1.mga8
Added to:
python3-nltk-3.6.6-1.mga8.noarch
Source: python-nltk-3.6.6-1.mga8

Thank you. It updates now with no issues.

Looking at /usr/bin, the command "nltk" has been added.

"The Natural Language Toolkit is a Python package that simplifies the construction of programs..."

Developer stuff, beyond the scope of QA. Giving this an OK, and validating. The advisory should be sure to include both python3-nltk and python3-regex-2022.

CC: (none) => sysadmin-bugs

Advisory:
===========
Update python-nltk to 3.6.6
Resolve ReDoS opportunity by fixing incorrectly specified regex
================

(In reply to papoteur from comment #6)
> Advisory:
> ===========
> Update python-nltk to 3.6.6
> Resolve ReDoS opportunity by fixing incorrectly specified regex
> ================

So both
python-regex-2022.9.13-1.mga8
and
python-nltk-3.6.6-1.mga8

Need to be in the advisory (and pushed to updates together), right?

CC: (none) => marja11

(In reply to Marja Van Waes from comment #7)
> (In reply to papoteur from comment #6)
> > Advisory:
> > ===========
> > Update python-nltk to 3.6.6
> > Resolve ReDoS opportunity by fixing incorrectly specified regex
> > ================
>
> So both
> python-regex-2022.9.13-1.mga8
> and
> python-nltk-3.6.6-1.mga8
>
> Need to be in the advisory (and pushed to updates together), right?

I've uploaded the advisory with that addition. Please remove the "advisory" keyword if that was wrong.

Keywords: (none) => advisory

(In reply to Marja Van Waes from comment #7)
> (In reply to papoteur from comment #6)
> So both
> python-regex-2022.9.13-1.mga8
> and
> python-nltk-3.6.6-1.mga8
>
> Need to be in the advisory (and pushed to updates together), right?

Yes, indeed.

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0302.html

Status: NEW => RESOLVED