Bug 33395

Summary: python-zipp new security issue CVE-2024-5569
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: SecurityAssignee: Python Stack Maintainers <python>
Status: NEW --- QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA9TOO
Source RPM: python-zipp-3.8.1-4.mga10.src.rpm, python-zipp-3.8.1-3.mga9.src.rpm CVE: CVE-2024-5569
Status comment: Fixed upstream in 3.19.1 and patch available from upstream and openSUSE

Description Nicolas Salguero 2024-07-12 15:23:32 CEST 
SUSE has issued an advisory on July 11:
https://lists.suse.com/pipermail/sle-updates/2024-July/035932.html

The problem is fixed in versions 3.19.1 and above.
The fix is: https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd

Mageia 9 is also affected.
Nicolas Salguero 2024-07-12 15:24:58 CEST

CVE: (none) => CVE-2024-5569
Status comment: (none) => Fixed upstream in 3.19.1 and patch available from upstream and openSUSE
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => python-zipp-3.8.1-4.mga10.src.rpm, python-zipp-3.8.1-3.mga9.src.rpm

Comment 1 Lewis Smith 2024-07-12 20:46:48 CEST 
Assigning to Python maintainers.

Assignee: bugsquad => python