Bug 31109

Summary: python-mistune new security issue CVE-2022-34749
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Python Stack Maintainers <python>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: nicolas.salguero, yvesbrungard
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: python-mistune-0.8.4-5.mga9.src.rpm CVE:
Status comment: Patch available from Fedora

Description David Walser 2022-11-11 18:46:07 CET 
Fedora has issued an advisory on November 10:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IR4NEZTSNRP7XWC2IHJR7ILKP5BR6R3Q/

The issue is fixed upstream in 2.0.4.

However, updating to 2.0.x would break python-m2r, which requires 0.8.x.

Patches are available from Fedora.

Mageia 8 is also affected.
David Walser 2022-11-11 18:46:22 CET

Status comment: (none) => Patch available from Fedora
Whiteboard: (none) => MGA8TOO

Comment 1 papoteur 2023-02-15 09:54:00 CET 
cauldron is update with 2.0.4. And indeed, m2r and m2r2 are broken.

Whiteboard: MGA8TOO => (none)
CC: (none) => yves.brungard_mageia
Version: Cauldron => 8

Comment 2 Nicolas Salguero 2024-01-12 10:30:56 CET 
Mageia 8 EOL

Status: NEW => RESOLVED
Resolution: (none) => OLD
CC: (none) => nicolas.salguero