29509 – python-flask-restx new security issue CVE-2021-32838

Bug 29509 - python-flask-restx new security issue CVE-2021-32838

Summary: python-flask-restx new security issue CVE-2021-32838

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2021-09-30 18:08 CEST by David Walser
Modified:	2021-10-13 21:41 CEST (History)
CC List:	4 users (show)

See Also:
Source RPM:	python-flask-restx-0.2.0-2.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-09-30 18:08:36 CEST

Fedora has issued an advisories today (September 30):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5UCTFVDU3677B5OBGK4EF5NMUPJLL6SQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QUD6SWZLX52AAZUHDETJ2CDMQGEPGFL3/

The issue is fixed upstream in 0.5.1.

Mageia 8 is also affected.

David Walser 2021-09-30 18:08:56 CEST

Status comment: (none) => Fixed upstream in 0.5.1
Whiteboard: (none) => MGA8TOO

Comment 1 Jani Välimaa 2021-10-10 10:54:14 CEST

Fixed in cauldron with python-flask-restx-0.5.1-1.mga9.

Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
Source RPM: python-flask-restx-0.2.0-3.mga9.src.rpm => python-flask-restx-0.2.0-2.mga8.src.rpm

Comment 2 Jani Välimaa 2021-10-10 10:56:07 CEST

Pushed python-flask-restx-0.5.1-1.mga8 to core/updates_testing.

SRPMS:
python-flask-restx-0.5.1-1.mga8

RPMS:
python3-flask-restx-0.5.1-1.mga8

Assignee: jani.valimaa => qa-bugs

David Walser 2021-10-10 18:01:24 CEST

Status comment: Fixed upstream in 0.5.1 => (none)

Comment 3 Herman Viaene 2021-10-12 16:04:20 CEST

MGA8-64 Plasma on Lenovo B50
No installation issues.
OK on clean install as with other developer tools

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 4 Thomas Andrews 2021-10-13 04:00:49 CEST

Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2021-10-13 20:02:08 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 5 Mageia Robot 2021-10-13 21:41:16 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0473.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.