Bug 31745

Summary:	python-markdown-it-py new security issue CVE-2023-26302
Product:	Mageia	Reporter:	David Walser <luigiwalser>
Component:	Security	Assignee:	Python Stack Maintainers <python>
Status:	RESOLVED FIXED	QA Contact:	Sec team <security>
Severity:	major
Priority:	Normal	CC:	makowski.mageia, marja11, yvesbrungard
Version:	Cauldron
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:
Source RPM:	python-markdown-it-py-2.1.0-1.mga9.src.rpm	CVE:
Status comment:	Fixed upstream in 2.2.0

Description David Walser 2023-03-30 23:41:42 CEST

Fedora has issued an advisory today (March 30):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WKDHZWDWILHZQ2GUZZ7CGBO6FVO46OLX/

The issue is fixed upstream in 2.2.0.

Mageia 8 is also affected.

David Walser 2023-03-30 23:41:53 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 2.2.0

Comment 1 Marja Van Waes 2023-04-02 10:56:30 CEST

Assigning to the Python stack maintainers, CC'ing the registered maintainer

CC: (none) => makowski.mageia, marja11
Assignee: bugsquad => python

Comment 2 papoteur 2023-04-02 13:32:48 CEST

This package doesn't exist in Mageia 8.
It's building in 2.2.0 for cauldron.

CC: (none) => yves.brungard_mageia
Whiteboard: MGA8TOO => (none)

Comment 3 papoteur 2023-04-03 13:59:38 CEST

The package is built and moved in Core

Status: NEW => RESOLVED
Resolution: (none) => FIXED