Bug 29450 - python3 new security issues fixed upstream in 3.8.12
Summary: python3 new security issues fixed upstream in 3.8.12
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2021-09-08 23:00 CEST by David Walser
Modified: 2021-09-16 22:12 CEST (History)
4 users (show)

See Also:
Source RPM: python3-3.8.11-1.1.mga8.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2021-09-08 23:00:24 CEST
Fedora has issued an advisory today (September 8):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/K7QDAEX4PWRYYEIXRF5QDGKJULJO6HKD/

3.8.12, released on August 30, fixed a few security issues:
https://docs.python.org/release/3.8.12/whatsnew/changelog.html
Comment 1 David Walser 2021-09-13 03:24:35 CEST
Updated package uploaded by Jani.

python3-3.8.12-1.mga8
libpython3.8-stdlib-3.8.12-1.mga8
libpython3.8-3.8.12-1.mga8
libpython3-devel-3.8.12-1.mga8
tkinter3-apps-3.8.12-1.mga8
tkinter3-3.8.12-1.mga8
libpython3.8-testsuite-3.8.12-1.mga8
python3-docs-3.8.12-1.mga8

from python3-3.8.12-1.mga8.src.rpm

CC: (none) => jani.valimaa
Assignee: python => qa-bugs

Comment 2 Herman Viaene 2021-09-13 16:16:22 CEST
MGA8-64 Plasma on Lenovo B50
No installation issues.
Ref bug 29288 for testing.
As indicated there , closed and reopened QARepo, also launched isodumper (was installed for this test), and all seems OK.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 3 Thomas Andrews 2021-09-14 02:41:46 CEST
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 4 David Walser 2021-09-16 22:12:46 CEST
One of the commits referenced by Ubuntu for CVE-2021-3737 is included in this update, just FYI:
https://ubuntu.com/security/notices/USN-5083-1
https://ubuntu.com/security/CVE-2021-3737

Note You need to log in before you can comment on or make changes to this bug.