Bug 30663 - python-ujson new security issues CVE-2022-31116 and CVE-2022-31117
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Reported: 2022-07-23 17:32 CEST by David Walser
Modified: 2022-07-29 22:54 CEST
Source RPM: python-ujson-5.3.0-1.mga8.src.rpm

David Walser 2022-07-23 17:32:39 CEST

Status comment: (none) => Fixed upstream in 5.4.0
Whiteboard: (none) => MGA8TOO
CC: (none) => yves.brungard_mageia

Comment 1 David Walser 2022-07-24 04:59:48 CEST
python-ujson-5.4.0-1.mga9 uploaded for Cauldron by papoteur.

Source RPM: python-ujson-5.3.0-1.mga9.src.rpm => python-ujson-5.3.0-1.mga8.src.rpm
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8

Comment 2 papoteur 2022-07-24 10:30:14 CEST
Update is ready in testing:
python3-ujson-5.4.0-1.mga8

Source:
python-ujson-5.4.0-1.mga8.src.rpm

Status comment: Fixed upstream in 5.4.0 => (none)
Assignee: python => qa-bugs

Comment 3 Herman Viaene 2022-07-26 10:56:24 CEST
MGA8-64 Plasma on Acer Aspire 5253
No installation issues.
Ref bug 30502 for test
$ python3 testujson.py 
a type: <class 'dict'>
b variable: <class 'str'>
{"name":"Horseman","age":"21","city":"Mumbai"}
{
    "name": "Horseman",
    "age": "21",
    "city": "Mumbai"
}
c variable: <class 'dict'>
{'name': 'Horseman', 'age': '21', 'city': 'Mumbai'}
Looks OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 4 Thomas Andrews 2022-07-29 03:43:25 CEST
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2022-07-29 20:31:53 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 5 Mageia Robot 2022-07-29 22:54:50 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0270.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

