SUSE has issued an advisory on December 17:
https://lists.suse.com/pipermail/sle-security-updates/2020-December/008081.html

Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Assignee: bugsquad => python
Fixed already in the latest python 3.8 from Cauldron (the fixed commit is https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33)
Version: Cauldron => 7
CC: (none) => mageia
Whiteboard: MGA7TOO => (none)
Fix pushed in updates_testing: src: python3-3.7.9-1.1.mga7
Assignee: python => qa-bugs
Advisory:
========================

Updated python3 packages fix security vulnerability:

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP (CVE-2020-27619).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27619
https://lists.suse.com/pipermail/sle-security-updates/2020-December/008081.html
========================

Updated packages in core/updates_testing:
========================
python3-3.7.9-1.1.mga7
libpython3.7-3.7.9-1.1.mga7
libpython3.7-stdlib-3.7.9-1.1.mga7
libpython3.7-testsuite-3.7.9-1.1.mga7
libpython3-devel-3.7.9-1.1.mga7
python3-docs-3.7.9-1.1.mga7
tkinter3-3.7.9-1.1.mga7
tkinter3-apps-3.7.9-1.1.mga7

from python3-3.7.9-1.1.mga7.src.rpm
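The pattern the advisory describes, as an added example that is not part of the original bug report and is not CPython's code: a mapping-table field passed to eval() next to a strict hex parser. The line format, the sample lines and all function names are assumptions made for illustration.

```python
import re

# Constructed sample lines in the style of a codec mapping table
# (assumed format: "<hex bytes>\t<hex code point>[+<hex code point>...]").
SAMPLE_OK = "0x8140\t0x3000"
SAMPLE_MULTI = "0x8663\t0x00E6+0x0300"
# Constructed hostile line: the second field is an expression, not a hex literal.
SAMPLE_BAD = "0x8140\tlen('abc')"

_HEX = re.compile(r"0x[0-9A-Fa-f]{1,6}")


def unichrs_unsafe(field):
    """The risky pattern: every '+'-separated token goes through eval()."""
    return "".join(chr(eval(tok)) for tok in field.split("+"))


def unichrs_safe(field):
    """Accept only 0x-prefixed hex code points; anything else is rejected."""
    out = []
    for tok in field.split("+"):
        if not _HEX.fullmatch(tok):
            raise ValueError(f"not a hex code point: {tok!r}")
        cp = int(tok, 16)
        if cp > 0x10FFFF:
            raise ValueError(f"code point out of range: {tok!r}")
        out.append(chr(cp))
    return "".join(out)


def parse_line(line, decoder):
    """Split one mapping line and decode its Unicode field with `decoder`."""
    raw, uni = line.split("\t")[:2]
    return bytes.fromhex(raw[2:]), decoder(uni)


def is_rejected(line):
    """True when the strict parser refuses the line."""
    try:
        parse_line(line, unichrs_safe)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(parse_line(SAMPLE_OK, unichrs_safe))
    print(parse_line(SAMPLE_BAD, unichrs_unsafe))  # eval() ran the expression
    print(is_rejected(SAMPLE_BAD))
```

With the eval()-based decoder the constructed hostile line is executed as Python and yields a character; the strict parser raises ValueError on the same line.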
mga7, x64

Updated all the packages via MageiaUpdate after trying smem.

$ urpmq --requires smem
python3
python3dist(matplotlib)
$ smem -u --pie=user lcl

That produced a piechart showing that lcl was using 6.29% of memory.

Simple scripts work:

$ python3 fibonacci.py
Fibonacci series for first 13 terms
0, 1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144, 233
The tenth term is 34
[0, 1, 1, 2, 3, 5, 8, 13, 21, 34]
$ python3 sieve.py
q = 2
q = 3
q = 5
[...]
q = 281
q = 283
q = 293
$ python3 button.py
<Created a simple gui with two buttons which produced simple results>

Interactive python3 works.

$ python3
Python 3.7.9 (default, Dec 24 2020, 09:00:40)
[GCC 8.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import itertools
def fib( n ):
    a, b = 0, 1
    for i in range( n ):
        a, b = b, a + b
    return a
..........................
a = fiblist( 13 )
print( "Fibonacci series for first 13 terms" )
>>> print( str( a ).strip( '[]' ) )
0, 1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144, 233
>>> print( "The tenth term is %d" % a[9] )
The tenth term is 34
>>> print( list( itertools.islice( fibo( ), 10 ) ) )
[0, 1, 1, 2, 3, 5, 8, 13, 21, 34]
>>> exit( )
$
$ ll /usr/bin/python3
lrwxrwxrwx 1 root root 9 Dec 24 09:01 /usr/bin/python3 -> python3.7*
$ urpmq --whatrequires python3 | sort -u | wc -l
65

This is probably all we need to do for this.
CC: (none) => tarazed25
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 3.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Advisory pushed to SVN.
Keywords: (none) => advisory
CVE: (none) => CVE-2020-27619
CC: (none) => ouaurelien
Source RPM: python3-3.8.6-1.mga8.src.rpm => python3-3.7.9-1.mga7.src.rpm
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0477.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED