31109 – python-mistune new security issue CVE-2022-34749

Bug 31109 - python-mistune new security issue CVE-2022-34749

Summary: python-mistune new security issue CVE-2022-34749

Status:	RESOLVED OLD

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Python Stack Maintainers
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2022-11-11 18:46 CET by David Walser
Modified:	2024-01-12 10:30 CET (History)
CC List:	2 users (show)

See Also:
Source RPM:	python-mistune-0.8.4-5.mga9.src.rpm
CVE:
Status comment:	Patch available from Fedora

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2022-11-11 18:46:07 CET

Fedora has issued an advisory on November 10:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IR4NEZTSNRP7XWC2IHJR7ILKP5BR6R3Q/

The issue is fixed upstream in 2.0.4.

However, updating to 2.0.x would break python-m2r, which requires 0.8.x.

Patches are available from Fedora.

Mageia 8 is also affected.

David Walser 2022-11-11 18:46:22 CET

Status comment: (none) => Patch available from Fedora
Whiteboard: (none) => MGA8TOO

Comment 1 papoteur 2023-02-15 09:54:00 CET

cauldron is update with 2.0.4. And indeed, m2r and m2r2 are broken.

Whiteboard: MGA8TOO => (none)
CC: (none) => yves.brungard_mageia
Version: Cauldron => 8

Comment 2 Nicolas Salguero 2024-01-12 10:30:56 CET

Mageia 8 EOL

Status: NEW => RESOLVED
Resolution: (none) => OLD
CC: (none) => nicolas.salguero

Note You need to log in before you can comment on or make changes to this bug.