A security issue in GitPython just became public:
https://github.com/gitpython-developers/GitPython/issues/1515
https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858
There is no fix available yet, but hopefully there will be soon.
Whiteboard: (none) => MGA8TOO
Assigning anyway to the Python people. Who is going to notice the fix when published?
Assignee: bugsquad => python
Fedora has issued an advisory for this today (January 4):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IKMVYKLWX62UEYKAN64RUZMOIAMZM5JN/
The issue is fixed upstream in 3.1.30.
Status comment: (none) => Fixed upstream in 3.1.30
Severity: normal => critical
Updated in cauldron
Version: Cauldron => 8
CC: (none) => yves.brungard_mageia
Whiteboard: MGA8TOO => (none)
Now in Mageia 8 testing:
python3-gitpython-3.1.30-1.mga8
Source: python-gitpython-3.1.30-1.mga8
Status comment: Fixed upstream in 3.1.30 => (none)
Assignee: python => qa-bugs
MGA8-644 MATE on Acer Aspire 5253
No installation issues.
Following procedure from bug 18540 Comment 5, first installed git and its dependencies, then

$ git clone https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Cloning into 'linux'...
remote: Enumerating objects: 539, done.
remote: Counting objects: 100% (539/539), done.
remote: Compressing objects: 100% (307/307), done.
remote: Total 9229031 (delta 342), reused 314 (delta 232), pack-reused 9228492
Receiving objects: 100% (9229031/9229031), 2.54 GiB | 4.41 MiB/s, done.
Resolving deltas: 100% (7565206/7565206), done.
Checking objects: 100% (33554432/33554432), done.
Updating files: 100% (79495/79495), done.
$ python3
Python 3.8.14 (default, Oct 4 2022, 06:27:18)
[GCC 10.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from git import repo
>>> rp = repo.Repo('~/linux/')
>>> cm = rp.commit("ad3e2751e7")
>>> cm.stats.files.keys()
dict_keys(['drivers/ntb/ntb_hw.c'])
>>> exit()

That is exactly the same, so OK for me.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2023-0001.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED