Bug 31617

Summary: python-werkzeug new security issues CVE-2023-23934 and CVE-2023-25577
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Python Stack Maintainers <python>
Status: RESOLVED OLD
QA Contact: Sec team <security>
Severity: critical
Priority: Normal
CC: mageia, nicolas.salguero, yvesbrungard
Version: 8
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: python-werkzeug-1.0.1-1.mga8.src.rpm
CVE:
Status comment: Fixed upstream in 2.2.3

Description David Walser 2023-03-02 02:25:29 CET
Debian-LTS has issued an advisory on February 27:
https://www.debian.org/lts/security/2023/dla-3346

The issues are fixed upstream in 2.2.3:
https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q
https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323

Mageia 8 is also affected.

David Walser 2023-03-02 02:25:42 CET

Status comment: (none) => Fixed upstream in 2.2.3
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2023-03-02 19:38:37 CET
This is nominally with NicolasL, who committed v2.2.2; CC'ing him, assigning to Python maintainers.

Assignee: bugsquad => python
CC: (none) => mageia

Comment 4 David Walser 2023-03-14 16:34:14 CET
Ubuntu has issued an advisory for this on March 13:
https://ubuntu.com/security/notices/USN-5948-1

Summary: python-werzkeug new security issues CVE-2023-23934 and CVE-2023-25577 => python-werkzeug new security issues CVE-2023-23934 and CVE-2023-25577

Comment 5 papoteur 2023-05-05 15:34:10 CEST
This has been done since 2023-03-14 for Cauldron by David G.

Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
CC: (none) => yves.brungard_mageia

Comment 6 David Walser 2023-05-05 16:02:12 CEST
More specifically, python-werkzeug-2.2.3-1.mga9 was uploaded.

Source RPM: python-werkzeug-2.2.2-1.mga9.src.rpm => python-werkzeug-1.0.1-1.mga8.src.rpm

Comment 7 Nicolas Salguero 2024-01-12 10:38:00 CET
Mageia 8 EOL

Status: NEW => RESOLVED
Resolution: (none) => OLD
CC: (none) => nicolas.salguero