Fedora has issued an advisory today (January 5):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CHDTINIBJZ67T3W74QTBIY5LPKAXEOGR/

The issue is fixed upstream in 1.10.0.

Mageia 7 is also affected.
Status comment: (none) => Fixed upstream in 1.10.0
Whiteboard: (none) => MGA7TOO
Fixed in Cauldron and new rpm pushed in mga7.

src:
python-py-1.8.0-1.1.mga7
Assignee: python => qa-bugs
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
CC: (none) => mageia
Advisory:
========================

Updated python-py packages fix security vulnerability:

A denial of service via regular expression in the py.path.svnwc component of python-py through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality (CVE-2020-29651).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29651
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CHDTINIBJZ67T3W74QTBIY5LPKAXEOGR/
========================

Updated packages in core/updates_testing:
========================
python2-py-1.8.0-1.1.mga7
python3-py-1.8.0-1.1.mga7
python-py-doc-1.8.0-1.1.mga7

from python-py-1.8.0-1.1.mga7.src.rpm
Status comment: Fixed upstream in 1.10.0 => (none)
*** Bug 28139 has been marked as a duplicate of this bug. ***
CC: (none) => zombie_ryushu