openSUSE has issued an advisory on July 3:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6ZUSFUYB3S2F4VLUQBWFBYRLCIHMR43P/

The issue is fixed upstream in 3.6.6.
Status comment: (none) => Fixed upstream in 3.6.6
Submitted
python3-nltk-3.6.6-1.mga8.noarch
Source
python-nltk-3.6.6-1.mga8.src.rpm

This package adds a command:
nltk
It is not claimed by any other package.
CC: (none) => yves.brungard_mageia
Assignee: python => qa-bugs
Status comment: Fixed upstream in 3.6.6 => (none)
Sorry, the following package cannot be selected:
- python3-nltk-3.6.6-1.mga8.noarch (due to unsatisfied python3.8dist(regex)[>= 2021.8.3])
CC: (none) => herman.viaene
Keywords: (none) => feedback
Just tried to update this in VirtualBox, and there has been no change. I get the same error message.
CC: (none) => andrewsfarm
Sorry, I missed this. An update is building:
python3-regex-2022.9.13-1.mga8
Source: python-regex-2022.9.13-1.mga8

Added to:
python3-nltk-3.6.6-1.mga8.noarch
Source: python-nltk-3.6.6-1.mga8
Thank you. It updates now with no issues.

Looking at /usr/bin, the command "nltk" has been added.

"The Natural Language Toolkit is a Python package that simplifies the construction of programs..."

Developer stuff, beyond the scope of QA. Giving this an OK, and validating. The advisory should be sure to include both python3-nltk and python3-regex-2022.
CC: (none) => sysadmin-bugs
Keywords: feedback => validated_update
Whiteboard: (none) => MGA9-64-OK
Advisory:
===========
Update python-nltk to 3.6.6
Resolve ReDoS opportunity by fixing incorrectly specified regex
================
(In reply to papoteur from comment #6)
> Advisory:
> ===========
> Update python-nltk to 3.6.6
> Resolve ReDoS opportunity by fixing incorrectly specified regex
> ================

So both
python-regex-2022.9.13-1.mga8
and
python-nltk-3.6.6-1.mga8

Need to be in the advisory (and pushed to updates together), right?
CC: (none) => marja11
(In reply to Marja Van Waes from comment #7)
> (In reply to papoteur from comment #6)
> > Advisory:
> > ===========
> > Update python-nltk to 3.6.6
> > Resolve ReDoS opportunity by fixing incorrectly specified regex
> > ================
>
> So both
> python-regex-2022.9.13-1.mga8
> and
> python-nltk-3.6.6-1.mga8
>
> Need to be in the advisory (and pushed to updates together), right?

I've uploaded the advisory with that addition. Please remove the "advisory" keyword if that was wrong.
Keywords: (none) => advisory
(In reply to Marja Van Waes from comment #7)
> (In reply to papoteur from comment #6)
> So both
> python-regex-2022.9.13-1.mga8
> and
> python-nltk-3.6.6-1.mga8
>
> Need to be in the advisory (and pushed to updates together), right?

Yes, indeed.
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0302.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED