Fedora has issued advisories on June 19 and June 20: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UIOJUZ5JMEMGSKNISTOVI4PDP36FDL5Y/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y4E2WBEJ42CGLGDHD6ZXOLZ2W6G3YOVD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/W5664BGZVTA46LQDNTYX5THG6CN4FYJX/ Mageia 8 is also affected.
Status comment: (none) => Patches available from FedoraWhiteboard: (none) => MGA8TOO
Ubuntu has issued an advisory for this today (July 14): https://ubuntu.com/security/notices/USN-5519-1
Depends on: (none) => 30848
Python3 fixed in cauldron with python3-3.10.6-1.mga9. https://svnweb.mageia.org/packages?view=revision&revision=1876729 Python fixed in cauldron with python-2.7.18-13.mga9. https://svnweb.mageia.org/packages?view=revision&revision=1894587
Source RPM: python-2.7.18-11.mga9.src.rpm, python3-3.10.5-1.mga9.src.rpm => python-2.7.18-7.3.mga8, python3-3.8.12-1.mga8Version: Cauldron => 8CC: (none) => jani.valimaaWhiteboard: MGA8TOO => (none)
Pushed python-2.7.18-7.4.mga8 including fixes from bug 30043 and python3-3.8.14-1.1.mga8 to mga8 core/updates_testing. Python3 update is handled in bug 30848. SRPMS: python-2.7.18-7.4.mga8 RPMS: lib(64)python2.7-2.7.18-7.4.mga8 lib(64)python2.7-stdlib-2.7.18-7.4.mga8 lib(64)python2.7-testsuite-2.7.18-7.4.mga8 lib(64)python-devel-2.7.18-7.4.mga8 python-2.7.18-7.4.mga8 python-docs-2.7.18-7.4.mga8 tkinter-2.7.18-7.4.mga8 tkinter-apps-2.7.18-7.4.mga8
Blocks: (none) => 30043
Assignee: python => qa-bugsStatus comment: Patches available from Fedora => (none)
Python 2.x is also vulnerable to CVE-2021-28861, we should fix that here too. SUSE has issued an advisory for this on October 4: https://lists.suse.com/pipermail/sle-security-updates/2022-October/012483.html
Keywords: (none) => feedback
(In reply to David Walser from comment #4) > Python 2.x is also vulnerable to CVE-2021-28861, we should fix that here too. > > SUSE has issued an advisory for this on October 4: > https://lists.suse.com/pipermail/sle-security-updates/2022-October/012483. > html Equivalent openSUSE advisory: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AOHEWJI4EPENRFNUSCXL2KZG7QSBH2MJ/
Pushed python-2.7.18-7.5.mga8 to core/updates_testing including fixes from bug 30043 and fixes for CVE-2021-28861 from SUSE. SRPMS: python-2.7.18-7.5.mga8 RPMS: lib(64)python2.7-2.7.18-7.5.mga8 lib(64)python2.7-stdlib-2.7.18-7.5.mga8 lib(64)python2.7-testsuite-2.7.18-7.5.mga8 lib(64)python-devel-2.7.18-7.5.mga8 python-2.7.18-7.5.mga8 python-docs-2.7.18-7.5.mga8 tkinter-2.7.18-7.5.mga8 tkinter-apps-2.7.18-7.5.mga8
Keywords: feedback => (none)
mga8, x64 Nothing much seems to depend on python 2.7.18 currently, just python itself and lsb. youtube-dl has presumably been converted to python 3. $ file /usr/bin/youtube-dl /usr/bin/youtube-dl: a /usr/bin/env python3 script executable (binary data) Checked out a couple of learner scripts - they worked fine. Updated using the list in comment 6. Clean installation. The ttk script failed to find the tkinter package, possibly because it did not address it properly but the simple functionality script worked fine. Difficult to know just how to test this so these tests shall have to suffice. Leaving it without an OK in case somebody has a better idea.
CC: (none) => tarazed25
$ python2 try.py ImportError: No module named Tkinter try: import tkinter except ImportError: import Tkinter tkinter = Tkinter del Tkinter exit()
Did you install tkinter?
Created attachment 13417 [details] Eratosthenes Sieve for python2
You are correct David - missed a step, drakrpm-update after qarepo. Getting too old and senile for this job. Just lost my reply as well. Fixed that and now Eratosthenes Sieve works but there is still trouble with tkinter (which is definitely there now) try.py now works - no exception raised. The module needs to be addressed as Tkinter but submodules like ttk cannot be found. This is a programming problem - I don't know python so cannot take it any further but would suggest that this should not hold up the update.
Whiteboard: (none) => MGA8-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0367.html
Status: NEW => RESOLVEDResolution: (none) => FIXED