Bug 30254 - python-oslo-utils new security issue CVE-2022-0718
Summary: python-oslo-utils new security issue CVE-2022-0718
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-04-07 18:14 CEST by David Walser
Modified: 2022-05-19 09:56 CEST (History)
6 users (show)

See Also:
Source RPM: python-oslo-utils-4.1.1-1.mga8.src.rpm
CVE:
Status comment:


Attachments

David Walser 2022-04-07 18:14:14 CEST

Status comment: (none) => Fixed upstream in 4.12.1

Comment 1 papoteur 2022-05-13 15:05:24 CEST
Release is now built:
python3-oslo-utils-4.12.1-1.mga8.noarch.rpm

Assignee: bruno => qa-bugs
CC: (none) => yves.brungard_mageia
Status comment: Fixed upstream in 4.12.1 => (none)

papoteur 2022-05-13 15:06:27 CEST

CC: (none) => bruno

Comment 2 David Walser 2022-05-13 15:25:21 CEST
SRPM:
python-oslo-utils-4.12.1-1.mga8.src.rpm
Comment 3 Herman Viaene 2022-05-14 11:29:09 CEST
Sorry, the following package cannot be selected:

- python3-oslo-utils-4.12.1-1.mga8.noarch (because of unfulfilled python3.8dist(pbr)[< 2.1])

CC: (none) => herman.viaene

David Walser 2022-05-14 15:36:15 CEST

Keywords: (none) => feedback

Comment 4 David Walser 2022-05-15 18:11:50 CEST
Package requires fixed:
python3-oslo-utils-4.12.1-2.mga8

from python-oslo-utils-4.12.1-2.mga8.src.rpm

Keywords: feedback => (none)

Comment 5 Herman Viaene 2022-05-16 15:44:11 CEST
New version installs OK now.
No previous updates and
# urpmq --whatrequires python3-oslo-utils                   
python3-oslo-db
python3-oslo-serialization
python3-oslo-utils
# urpmq --whatrequires-recursive python3-oslo-utils
python3-oslo-db
python3-oslo-serialization
python3-oslo-utils
python3-subunit2sql
python3-subunit2sql-graph

This is all developers territory, so OK on clean install.

Whiteboard: (none) => MGA8-64-OK

Comment 6 Thomas Andrews 2022-05-16 23:34:05 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2022-05-19 00:17:31 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 7 Mageia Robot 2022-05-19 09:56:57 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0189.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.