openSUSE has issued an advisory on July 19: https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00041.html
This SRPM has no evident maintainer, so having to assign this bug globally.
Assignee: bugsquad => pkg-bugs
Done for mga7!
CC: (none) => geiger.david68210
Advisory: ======================== Updated python-ipaddress package fixes security vulnerability: Hash collisions in IPv4Interface and IPv6Interface could lead to DOS (CVE-2020-14422). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14422 https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00041.html ======================== Updated packages in core/updates_testing: ======================== python2-ipaddress-1.0.22-1.1.mga7 from python-ipaddress-1.0.22-1.1.mga7.src.rpm
Assignee: pkg-bugs => qa-bugs
MGA7-64 Plasma on Lenovo B50 No installation issues. No wiki, no previous updates, so trying my own hand. # urpmq --whatrequires python2-ipaddress deluge docker-compose python-uritools python2-backports-ssl_match_hostname python2-ipaddress python2-xmpp-backends Deluge sounded somewhat familiar, so installed that one and run it with strace. Added a torrent from http://ftp.tku.edu.tw/Linux/Mageia/iso/7.1/torrents/, and deleted it after successful download. Checked trace and found refs to python-ipaddress , so good to go for me.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 3.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0343.html
Status: NEW => RESOLVEDResolution: (none) => FIXED