Bug 29969 - ipython new security issue CVE-2022-21699
Summary: ipython new security issue CVE-2022-21699
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 29994
  Show dependency treegraph
 
Reported: 2022-01-30 19:03 CET by David Walser
Modified: 2023-02-27 21:28 CET (History)
5 users (show)

See Also:
Source RPM: ipython-7.22.0-1.mga9.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2022-01-30 19:03:41 CET 
Debian-LTS has issued an advisory on January 24:
https://www.debian.org/lts/security/2022/dla-2896

The issue is fixed upstream in 7.31.1.

Mageia 8 is also affected.
David Walser 2022-01-30 19:03:56 CET

Status comment: (none) => Fixed upstream in 7.31.1
Whiteboard: (none) => MGA8TOO

Comment 1 David Walser 2022-02-02 19:14:26 CET 
Debian has issued an advisory for this on January 31:
https://www.debian.org/security/2022/dsa-5065
Comment 3 Thomas Backlund 2022-02-18 00:45:14 CET 
7.31.1 pushed to cauldron

Version: Cauldron => 8

Thomas Backlund 2022-02-18 00:45:21 CET

Whiteboard: MGA8TOO => (none)

Comment 4 David Walser 2022-07-08 21:27:07 CEST 
openSUSE has issued an advisory for this today (July 8):
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NTGOGG2ZEI7KLN4MVBRDQQ4FSIXPEKNL/
Comment 5 papoteur 2023-02-18 21:40:34 CET 
Updated:
ipython-doc-7.31.1-1.mga8.noarch.rpm
ipython-7.31.1-1.mga8.noarch.rpm

Source
ipython-7.31.1-1.mga8.src.rpm

Status comment: Fixed upstream in 7.31.1 => (none)
CC: (none) => yves.brungard_mageia
Assignee: python => qa-bugs

Comment 6 Herman Viaene 2023-02-23 10:56:35 CET 
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Tried tests as in bug 16686, but sites indicated there just draw the Error 404,
so found https://ipython.readthedocs.io/en/stable/interactive/tutorial.html and just  tried the simpliest examples.
$ ipython3
Python 3.8.14 (default, Oct  4 2022, 06:27:18) 
Type 'copyright', 'credits' or 'license' for more information
IPython 7.31.1 -- An enhanced Interactive Python. Type '?' for help.

In [1]: print('Hello IPython')                                                                                            
Hello IPython

In [2]: 25 * 5                                                                                                            
Out[2]: 125

In [3]: quit                                                                                                              

$ ipython
Python 3.8.14 (default, Oct  4 2022, 06:27:18) 
Type 'copyright', 'credits' or 'license' for more information
IPython 7.31.1 -- An enhanced Interactive Python. Type '?' for help.

In [1]: print('Hello IPython')                                                                                            
Hello IPython

In [2]: 25 * 5                                                                                                            
Out[2]: 125

In [3]: quit         

So it works at least basically.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 7 Thomas Andrews 2023-02-23 23:54:11 CET 
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

David GEIGER 2023-02-24 04:23:30 CET

Blocks: (none) => 29994

Dave Hodgins 2023-02-25 19:55:42 CET

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 8 Mageia Robot 2023-02-27 21:28:46 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0058.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.