Fedora has issued an advisory today (September 7): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6F3KETKIU2JFORRESD4J7D2SWIC2TKHE/ The issue is fixed upstream in 3.6.6. Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO
Assigning to the python maintainer group, CC'ing the registered maintainer.
CC: (none) => guillomovitch, marja11Assignee: bugsquad => python
Fixed for Cauldron! But I don't see this package on mga6 repo.
CC: (none) => geiger.david68210
Oh, it looks like it's actually python-pycryptodomex that needs fixed (see the x) I guess it's not in older versions. Not sure what I was looking at.
Summary: python-pycryptodome new security issue CVE-2018-15560 => python-pycryptodomex new security issue CVE-2018-15560Whiteboard: MGA6TOO => (none)Source RPM: python-pycryptodome-3.6.4-2.mga7.src.rpm => python-pycryptodomex-3.6.4-2.mga7.src.rpm
Both packages have been updated to 3.6.6 by David. Thanks David!
Status: NEW => RESOLVEDResolution: (none) => FIXED